Customize passwords processing before sending request

[diyfr]

Feature request : Customize passwords processing before sending request

I'm submitting a ...

• bug report
• [ X] feature request
• question about the decisions made in the repository

Issue description

Current behavior:
The password is visible in the calls

Expected behavior:
Add an method (config params ?) for customize password before send request (Hash, Salt etc....)

Steps to reproduce:
It is not advisable to transit and store the password in clear. See console network logs

[nnixaa]

Hi @diyfr, thanks for your suggestion. Though I'm not completely sure this makes much sense, as

• hashing or salting of the password on a client-side could be easily decrypted, as client-code is available in the browser
• to not pass passwords through the network we have HTTPS protocol which ensures the security of a connection

In any case, if you need to add an additional layer of processing you can use Angular HTTP Interceptors to be able to adjust requests before sending.

[diyfr]

This also allows to comply with the RGPD, and not store in the clear server side passwords :)