Login form password exposed at the client side.

[Sheldenburg]

First Check

• I added a very descriptive title here.
• I used the GitHub search to find a similar question and didn't find it.
• I searched in the documentation/README.
• I already searched in Google "How to do X" and didn't find any information.
• I already read and followed all the tutorial in the docs/README and didn't find an answer.

Commit to Help

• I commit to help with one of those options 👆

Example Code

def verify_password(plain_password: str, hashed_password: str) -> bool:
    return pwd_context.verify(plain_password, hashed_password)

Description

I have a question regarding the login form. It's probably not a bug, but it sort of bothers me in general...
At the client side, when we sent the username and password via a form, we are sending password in plain text? I know when we send it over https, it's encrypted on the flight. But if we check the network tab on the browser, we actually exposed the password in the payload (photo attached).

Any thoughts on this everyone? Would there be some good ways to add extra protection?

Operating System

Windows

Operating System Details

windows 11

Python Version

Python 3.10.11

Additional Context

No response

[tiangolo]

Yep, that's how you would do it with any other system or app. That's why it's very important to use HTTPS. And have in mind that it is only sent from the client to the server, but it's never stored in plaintext in the server nor sent back from the server.