Striving to become a master Go/Cloud developer; Father ๐จโ๐งโ๐ฆ; ๐ค/((Full Stack Web|Unity3D) + Developer)/g; Science supporter ๐ฉโ๐ฌ; https://coder.today
I'm not up to date to the new best practices, I'm using OAuth since forever, I think user/password is so antique.
A new threat I keep seeing is the Browser extension, this is one reason I would try to "hide" the password before sending, so it will not be stored in Analytics/Trackings by an extension.
Striving to become a master Go/Cloud developer; Father ๐จโ๐งโ๐ฆ; ๐ค/((Full Stack Web|Unity3D) + Developer)/g; Science supporter ๐ฉโ๐ฌ; https://coder.today
I'm not up to date to the new best practices, I'm using OAuth since forever, I think user/password is so antique.
A new threat I keep seeing is the Browser extension, this is one reason I would try to "hide" the password before sending, so it will not be stored in Analytics/Trackings by an extension.
So extensions can access a secured request sent from the website? including the body/ headers ..etc.?
I do not know the specifics yet, but there are many red flags, like Clipboard permissions are low priority on Chrome
Edge and Firefox doesn't even have the extensions permission system.
This week I caught an emoji extension spying which website I use.
Intercept HTTP requests in Firefox
Interesting!