I’m running restful_authentication plugin on my projects.
When we login to the app the contents for the form that the login sends
are clearly available for anyone sniffing traffic. For example locally I
can see that the form sends:
So the username and password can be seen there.
I know https would hide that, also the token is needed for anyone to use
those credentials later.
But, how can this be considered secure?
This is not directly related to restful_authentication plugin, common
issue with any other forms.