We have been testing the application in our private environment. Before Going live we decided to perform a security audit. The auditor says the username and password from login page are being sent in plain text over the public internet and so recommends to encrypt them. The username and password can easily be seen by intercepting the request on any proxy tool. They are visible in plain text and can be intercepted by anyone inside the network.
So we are searching for a way where we can encrypt the username and password before sending to server from the client browser. Please help me solve the issue.
So we are searching for a way where we can encrypt the username and password before sending to server from the client browser. Please help me solve the issue.