Ask Your Question
0

Does HTTP login to Sage Notebook send plaintex password?

asked 2014-07-01 11:55:16 -0500

v_2e gravatar image

Does my web-browser send the login and password in plaintext when I login to Sage Notebook via HTTP protocol?

edit retag flag offensive close merge delete

1 answer

Sort by ┬╗ oldest newest most voted
1

answered 2014-07-02 20:18:45 -0500

tmonteil gravatar image

If your question is about sagenb.org website, then yes, the password is sent in plain text. You can see it by looking at the source of the page, the login form is as follows <input type="password" name="password" size="15" /> which corresponds to plain text submission (the passwod type only ensures that the password will not appear on the browser's screen, that will show stars instead of letters). If you are not convinced, you can install WIreshark and see contents of the HTTP connections, this is instructive.

If your question is about a Sage notebook you can launch from, it depends. If notebook() is called as is, then again the password is sent in plain text. If the notebook is called with the secure option set to True, then the connection is encrypted via SSL (HTTPS protocol) and your password does not travel in plain text.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2014-07-01 11:55:16 -0500

Seen: 284 times

Last updated: Jul 02 '14