Why not use https in the url example with passwords? #14
Labels
Comments
|
And it seems that the HTTPS is not ok there. Maybe a warning then? Password will be blindly broadcast in plain text, is it not? |
|
Since obs-websocket doesn't support https/wss (obsproject/obs-websocket#26), loading the site over https will block the ws connection in most browsers since it's mixed content. Hence the warning when it is being loaded over https I don't think the hash part of the URL gets sent to the server (when loading the page) so I think that part is fine, ofc MITM threat still is gonna exist. The connecting itself doesn't broadcast the password but a one-time hash. Probably worth extra warning somewhere in UI about password security 🤷♂️ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
Would it make sense to use HTTPS when passing passwords in the url?
-Pete
The text was updated successfully, but these errors were encountered: