miguelgrinberg / REST-auth

Example application for my RESTful Authentication with Flask article.
http://blog.miguelgrinberg.com/post/restful-authentication-with-flask
MIT License
921 stars 337 forks

A security concern. #7

Closed michaelyousrie closed 7 years ago

michaelyousrie commented 7 years ago

What doesn't allow someone to sniff the request headers and get the credentials used to get the token?

A note: even if the password is encrypted, the sniffer (attacker) can just grab the hashed password since it is what is decrypted at the server (it won't matter if the password is encrypted or not is what I mean).

miguelgrinberg commented 7 years ago

You would never be running your production app on a plain http connection. You will be using https, so sniffing is not possible.
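The reply above rests on a deployment assumption: the `Authorization` header the article's token endpoint reads (HTTP Basic, which is only base64) is safe only because TLS covers it. The following is an added example, not code from REST-auth or the linked article, showing one way to make the app fail closed if that assumption is ever broken: a small WSGI middleware that rejects any credential-bearing request arriving over plain HTTP and adds `Strict-Transport-Security` on HTTPS responses. It assumes the app is a plain WSGI callable (a Flask app qualifies) and, for the optional proxy mode, a hypothetical deployment where a TLS-terminating reverse proxy sets `X-Forwarded-Proto`.

```python
"""Refuse credential-bearing requests that did not arrive over TLS.

Added example (not part of REST-auth or the linked article). Assumes a WSGI
app (e.g. a Flask app) and, when trust_forwarded=True, a hypothetical reverse
proxy that terminates TLS and sets X-Forwarded-Proto itself.
"""
from typing import Callable, Iterable

# Header the article's token endpoint relies on: "Basic user:password" to obtain
# a token, then the token itself sent as the Basic username.
CREDENTIAL_HEADERS = ("HTTP_AUTHORIZATION",)


def request_is_tls(environ: dict, trust_forwarded: bool = False) -> bool:
    """True if the request reached the app over HTTPS.

    wsgi.url_scheme reflects the socket the WSGI server itself accepted.
    Behind a proxy that terminates TLS the app sees plain http, so optionally
    trust the proxy's X-Forwarded-Proto; only enable that when the proxy is
    the sole path to the app and overwrites any client-supplied copy.
    """
    if environ.get("wsgi.url_scheme") == "https":
        return True
    if trust_forwarded:
        first_hop = environ.get("HTTP_X_FORWARDED_PROTO", "").split(",")[0]
        return first_hop.strip().lower() == "https"
    return False


def carries_credentials(environ: dict) -> bool:
    """True if the request includes a header that holds a secret."""
    return any(environ.get(h) for h in CREDENTIAL_HEADERS)


class RequireTLSForCredentials:
    """WSGI middleware: 403 any Authorization header sent without TLS.

    Basic Auth is base64, not encryption, so over plain HTTP the password (or
    the token used as the username) is readable to anyone on the path.
    Failing closed turns a deployment mistake into a visible error instead of
    a silent credential leak.
    """

    HSTS = "max-age=31536000; includeSubDomains"

    def __init__(self, app: Callable, trust_forwarded: bool = False):
        self.app = app
        self.trust_forwarded = trust_forwarded

    def __call__(self, environ: dict, start_response: Callable) -> Iterable[bytes]:
        secure = request_is_tls(environ, self.trust_forwarded)
        if carries_credentials(environ) and not secure:
            body = b"Credentials must be sent over HTTPS.\n"
            start_response("403 Forbidden", [
                ("Content-Type", "text/plain; charset=utf-8"),
                ("Content-Length", str(len(body))),
            ])
            return [body]

        def tls_start_response(status, headers, exc_info=None):
            # Tell browsers to stop using plain HTTP for this host at all.
            if secure:
                headers = list(headers) + [("Strict-Transport-Security", self.HSTS)]
            return start_response(status, headers, exc_info)

        return self.app(environ, tls_start_response)


def demo_app(environ, start_response):
    """Stand-in for the real application (constructed for this example)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


def run(environ: dict, trust_forwarded: bool = False) -> tuple:
    """Drive the middleware with a constructed environ; return (status, headers, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(headers)

    app = RequireTLSForCredentials(demo_app, trust_forwarded)
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    # Constructed sample requests: the same Basic header over http and https.
    auth = {"HTTP_AUTHORIZATION": "Basic dXNlcjpzZWNyZXQ="}  # base64("user:secret")
    print(run({"wsgi.url_scheme": "http", **auth})[0])   # 403 Forbidden
    print(run({"wsgi.url_scheme": "https", **auth})[0])  # 200 OK
```

Wrap the Flask app as `app.wsgi_app = RequireTLSForCredentials(app.wsgi_app)`. Note that a plain-HTTP-to-HTTPS redirect is a complement, not a substitute: a client that already sent the `Authorization` header over HTTP has leaked it before any redirect arrives, which is why the middleware refuses rather than redirects those requests.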

michaelyousrie commented 7 years ago

Thank you.