by ge0rg
2904 days ago
The problems are before and after the TLS tunnel. I've seen a BigCorp load balancer / web firewall log the first 1KB of each HTTP POST body into a permanent archive. A typical login submission is much smaller than that. Also, in some networks the TLS connection is terminated by a frontend server and backend communication is plaintext HTTP. While these examples are obviously bad practice, having your requests signed and not leak user passwords would easily nullify their impact.
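An added example, not part of the comment above: it compares what a middlebox that logs the first 1KB of a POST body captures from a plain password login and from a signed login. The HMAC challenge-response scheme and every name in it (`Server`, `signed_login`, `middlebox_log`) are assumptions chosen for illustration, not a scheme the commenter specified.

```python
import hashlib, hmac, json, os

LOG_LIMIT = 1024  # the middlebox in the comment keeps the first 1KB of each POST body

def middlebox_log(body: bytes) -> bytes:
    return body[:LOG_LIMIT]

def derive_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def sign(key: bytes, user: str, nonce: str) -> str:
    return hmac.new(key, f"{user}|{nonce}".encode(), hashlib.sha256).hexdigest()

def plain_login(user: str, password: str) -> bytes:
    return json.dumps({"user": user, "password": password}).encode()

def signed_login(user: str, password: str, salt: bytes, nonce: str) -> bytes:
    sig = sign(derive_key(password, salt), user, nonce)
    return json.dumps({"user": user, "nonce": nonce, "sig": sig}).encode()

class Server:  # hypothetical backend, for illustration only
    def __init__(self):
        self.users, self.nonces = {}, set()
    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        # The stored key can still sign if the database leaks; the password is not stored.
        self.users[user] = (salt, derive_key(password, salt))
    def challenge(self, user: str):
        nonce = os.urandom(16).hex()
        self.nonces.add(nonce)
        return self.users[user][0], nonce
    def verify(self, body: bytes) -> bool:
        req = json.loads(body)
        if req["nonce"] not in self.nonces or req["user"] not in self.users:
            return False
        self.nonces.discard(req["nonce"])  # single use: a logged copy cannot be replayed
        expected = sign(self.users[req["user"]][1], req["user"], req["nonce"])
        return hmac.compare_digest(expected, req["sig"])

def demo() -> dict:
    password = "correct horse battery"  # constructed sample credential
    server = Server()
    server.register("alice", password)
    plain_log = middlebox_log(plain_login("alice", password))
    body = signed_login("alice", password, *server.challenge("alice"))
    signed_log = middlebox_log(body)
    return {"plain_leaks": password.encode() in plain_log,
            "signed_leaks": password.encode() in signed_log,
            "accepted": server.verify(body), "replay_accepted": server.verify(signed_log)}
```

The archived copy of the signed request contains only a username, a spent nonce and a signature, so it neither reveals the password nor verifies a second time.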