Open hatpick opened 8 years ago
@hatpick Why not? How do you think passwords get to servers in the first place?
At the very least, on a secure transport layer such as https so sniffers can't sniff!
Of course :) Is it suggested anywhere that this should be accessed insecurely?
Sorry, a better approach would have been suggesting adding https support to your code:
var fs = require('fs');
var http = require('http');
var https = require('https');
var privateKey = fs.readFileSync('sslcert/server.key', 'utf8');
var certificate = fs.readFileSync('sslcert/server.crt', 'utf8');
var credentials = {key: privateKey, cert: certificate};
var express = require('express');
var app = express();
// your express configuration here
var httpServer = http.createServer(app);
var httpsServer = https.createServer(credentials, app);
httpServer.listen(80);
httpsServer.listen(443);
Updated the title as well :smiley:
I don't wanna burst the bubble for you, but do you think anybody is interested to send their passwords as raw text into a remote server?!