Plain text password over HTTPS

You still need to make sure you send it via POST request, not GET. If you send it via GET request, it could be saved in plaintext in the user's browser history logs or the webserver's access logs.


It is safe. That's how the entire web works. All passwords in forms are always sent in plain text, so its up to HTTPS to secure it.

Tags:

Https

Password Protection

Recent Posts