Strapi: Password Encryption in Request Body

Created on 5 Feb 2019  路  3Comments  路  Source: strapi/strapi
  • [ x ] I have created my request on the Product Board before I submitted this issue
  • [ x ] I have looked at all the other requests on the Product Board before I submitted this issue

Please describe your feature request:

The email and password are sent as plain text in all requests. Is there a feature already in place to encryption these fields in the request body?

help wanted
Source
picture wes-cutting

Most helpful comment

@wes-cutting if you have https setup, then you are already encrypting it. More than likely the location is in the user permissions plugin, a bit of searching around and you can probably find it

picture derrickmehaffy on 6 Feb 2019
👍2

All 3 comments

Hum password are sent as plain text in all requests can you explain please. I'm not sure of what you mean.

lauriejim picture lauriejim on 5 Feb 2019

I guess a better way to ask this would be: where is the API encryption handled in the Strapi Code?

The plain text password that is seen in the documentation, 'strapiPassword', doesn't get stored in the DB. Somewhere in the code base that plain text is encrypted. So the frontend can encrypt that plain text before it is sent across the wire, then Strapi does another layer of encryption before it is stored in the database. I'd like to know if there is a way to swap out what Strapi is using to encrypt the passwords.

wes-cutting picture wes-cutting on 5 Feb 2019

@wes-cutting if you have https setup, then you are already encrypting it. More than likely the location is in the user permissions plugin, a bit of searching around and you can probably find it

derrickmehaffy picture derrickmehaffy on 6 Feb 2019
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

monkibraum picture monkibraum  路  3Comments
jskorepa picture jskorepa  路  3Comments
profjefferson picture profjefferson  路  3Comments
dorelljames picture dorelljames  路  3Comments
doublemarked picture doublemarked  路  3Comments