I have to login on a HTTP - website. There is a login form which contains inputs for username and password and as hidden inputs the sessionId. I am creating an app in which I have to access resources which just can be accessed if you are logged in on this website, so I provide a username and password input in my app to log in.
I watched the Http requests now, and the HTTP-POST-request in which the login data is sent has the parameters password and username, so I could see my username and password in fiddler non-encrypted, but I dont want to send my data unprotected.
So my question is: If the parameters of a HTTP-POST-request can be seen by tools like fiddler in clear, does this mean that my data is sent without any encryption to the server? Or is there any kind of encryption that is done which just isn't visible to me?
Aucun commentaire:
Enregistrer un commentaire