Using ajax for form submission, developer tools can see what to do with the data

I want to use ajax to submit the form, verify that the user name password is correct, and use json to transfer data, which is also a post submission method, but once submitted, I find that the user name and password can be seen on the developer"s tool. May I ask if I misunderstood it, should not write it this way, or what is wrong and what steps are missing (let"s not talk about password encryption)?

Mar.02,2021

you can see the content of your request as soon as you grab the packet.


first of all, you must be able to see the content you submitted.

  • normally only your own browser can see it,
  • the abnormal situation is that others can view your submission through the network grab packet, which in theory can be restored to a TCP session through the packet, so that you can see your username and password.

how to deal with abnormal situations?

  • using https instead of http, should be that if it is https, the browser will automatically encrypt the submitted content, that is, although others can grab the packet, but the content is encrypted, so they don't know what you submitted.

is already visible, and you can also be caught grabbing a bag. Otherwise, there is no such thing as encryption.


is visible. Now the common thing is to add a cipher directly and then pass


    .
  • you can consider using JS encryption, and then JS to do all kinds of compression confusion. But the point is, no matter how much you compress the confusion, the front-end code is exposed, only that it makes it more expensive for interested researchers to restore JS code.
  • in addition, I am the user of this account, even if I see my account password. It's not surprising. The main thing to prevent is that I was intercepted by others in the process of data transmission, then this is also easy to do, go https.
  • what I want to emphasize is that front-end encryption doesn't make any sense, it's just self-consolation, and HTTPS is the right path.

developers will ask this question unless https is used. Other methods are useless

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1e444b5-26fde.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1e444b5-26fde.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?