Fiddler is intercepting password for SSL enabled HTTPS login
When I keep the Fiddler ON and enter into my SSL enabled HTTPS pega website, I am seeing password of my login in the 303 transmissions.
I know this will not happen if the login is authenticated through SSO. But, is there any way to HASH ( or atleast encrypt ) the password during the 303 transmission.
I took a look at the following article but I'm not sure if it will solve the problem I have.
Can you advise on how to hide/hash/encrypt the login password during transmissions during logon ?
**Moderation Team has archived post**
This post has been archived for educational purposes. Contents and links will no longer be updated. If you have the same/similar question, please write a new post.
Keep up to date on this post and subscribe to comments
- Disable Operator and Force password change on next login are enabled for Operator ID After Upgrading to 7.4 with PostgreSQL and Tomcat
- Despite the fact that the SSL checkbox of Robotics' Service Package is off, connecting with Robot via https will connect
- enable SSL for BIX command line, but keep other application connection none-SSL.
- https enabling for PEGA applications
- Is it fine to enable https/allowAllHostnames in production..?