Closed gizezero closed 5 years ago
Hello,
I'm always talking about sent data from the client side (application forms), so it does not imply from the server side.
Besides that, some flow diagrams were made to clear up the security scheme.
Regards
It's not clear to me that it's always about the client side.
I can't find a plain password transferred from server to client on the diagrams.
greetings
Done :wink:
https://syspass-doc.readthedocs.io/en/3.1/application/encryption.html
Thanks for the feedback!
https://doc.syspass.org/en/3.0/application/encryption.html :
In order to improve the security of the sent data, RSA (PKI) is being used for encrypting the passwords that are being sent from the application forms. This prevents sending sensitive data through plain channels.
Prevents - but only in one direction - from client to server; as I can see, passwords are transferred from server to browser in open text.