Currently when signing in, the API call sent out includes the password unobfuscated and it can be easily intercepted. For site security, we should make it impossible to get the password from that call and others that would use it. Preferably, we should also obfuscate the email address.
Currently when signing in, the API call sent out includes the password unobfuscated and it can be easily intercepted. For site security, we should make it impossible to get the password from that call and others that would use it. Preferably, we should also obfuscate the email address.