Regarding request payload
15 views
Skip to first unread message
Jackson W
Sep 2, 2024, 10:22:28 PM9/2/24
to OpenOlat
Hi,
I wanted to encrypt the password called while i clicked the login button. But i couldn't find the event trigger. May i know how? Thanks in advance!
Florian Gnägi
Sep 3, 2024, 2:24:52 AM9/3/24
to open...@googlegroups.com
Hi
I don’t understand what you want to do. There is no encryption involved on the client during login.
Do not try to hack the login screen and somehow programmatically log into OpenOlat. If you want an external site to do the authentication, then please use an oAuth SSO Identity provider and do it the proper way. Everything else is a hack and unsafe.
Cheers
Florian
Am 03.09.2024 um 04:22 schrieb Jackson W <sc3e...@gmail.com>:
Hi,
I wanted to encrypt the password called while i clicked the login button. But i couldn't find the event trigger. May i know how? Thanks in advance!
<login.jpg>--
--
Sie erhalten diese Nachricht, weil Sie Mitglied sind von Google
Groups-Gruppe "OpenOlat".
Für das Erstellen von Beiträgen in dieser Gruppe senden Sie eine E-Mail
an open...@googlegroups.com
Um sich von dieser Gruppe abzumelden, senden Sie eine E-Mail an
openolat+u...@googlegroups.com
Weitere Optionen finden Sie in dieser Gruppe unter
http://groups.google.com/group/openolat?hl=de
-------------------------------------------------------------------------------------------------------------------
OpenOlat - infinite learning - http://www.openolat.org
---
You received this message because you are subscribed to the Google Groups "OpenOlat" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openolat+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/openolat/ae247418-cf4d-4363-9d62-91ce490ce90en%40googlegroups.com.
<login.jpg>
--------------------------------------------------------------------
professional services for the e-learning system OpenOlat
hosting - operating - support - development - mobile - consulting
--------------------------------------------------------------------
frentix GmbH
Florian Gnägi, Geschäftsführer
Okenstrasse 6
CH-8037 Zürich, Switzerland
--------------------------------------------------------------------
Message has been deleted
Jackson W
Sep 3, 2024, 3:58:48 AM9/3/24
to OpenOlat
I want to encrypt the password on the client side using JavaScript. Currently, it is displayed as plain text.
Florian Gnägi
Sep 4, 2024, 6:10:45 AM9/4/24
to open...@googlegroups.com
Hi
Sorry, we do not support client side password encryption at the moment. So, if you want this, you need to implement it on the client and the server side yourself.
Though, I don't understand your remark that the password would be displayed in plain text. This is not true, the password is never displayed in the UI, the password element is used that does not render the inputed text in a visual form. You are correct that the entered password is then submitted in the post request as a normal parameter that is not encrypted. Assuming that you are using an encrypted SSL connection we think it is quite save. Encryption on the client would be even better of course, but it is just not done yet.
Cheers
Florian
To view this discussion on the web visit https://groups.google.com/d/msgid/openolat/b2df665c-452d-4843-8f4f-97db5f885d20n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages