
Not to expose password on browser console... #13

Closed

Conversation

mahmed0715

I was using this in our project. It was working great.
We were storing the username and password as an object in sessionStorage and in model.credentials.
The issue came around: one can get the raw password, so the issue is to protect the password from being exposed.
I came around and found a solution that can protect the password.
We will store the base64-encoded user:pass; thus the issue is solved.

Use of string (base64) credential; for security we don't want to expose the raw password. Storing the encoded credentials and using them on demand.

```javascript
// store in session
var cred = Backbone.BasicAuth.encode({
  username: user,
  password: pw
});
sessionStorage.setItem('credentials', cred);
this.model.credentials = cred;

// using
Backbone.BasicAuth.getHeader(sessionStorage.getItem('credentials'));
```

Thanks

fiznool (Owner) commented May 20, 2015

Thanks for the PR and apologies for the delay in responding.

> I came around and found a solution that can protect the password. We will store base64 encoded user:pass: thus the issue solved.

I'm afraid this isn't really a very good solution for storing the password securely. It's trivial to decode the base64 encoded string. Anybody who knows where to look in sessionStorage will likely have the technical knowledge to see a base64 encoded string and decode it.

For this reason, I don't want to encourage this technique, so I don't think this really belongs in the plugin. So I'm going to close this for now.

Thanks again for taking the time to contribute.

fiznool closed this May 20, 2015
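The owner's point, as an added example that is not part of backbone.basicauth or of this PR: the token the PR stores is the same base64 of `username:password` that the HTTP Basic `Authorization` header carries (RFC 7617), and it decodes back to the plaintext without any key. The functions `encodeBasicCredentials`, `decodeBasicCredentials`, `getAuthorizationHeader` and the in-memory stand-in for `sessionStorage` are assumptions written for this illustration, and the username and password are constructed sample values. It runs under Node, using `Buffer` where a browser would use `btoa`/`atob`.

```javascript
// Added example, not code from the backbone.basicauth plugin or this PR.
// Shows that a base64 "encoded credential" is a reversible transform of
// "username:password", exactly what an HTTP Basic Authorization header
// carries (RFC 7617). Anyone who can read sessionStorage can recover it.

// Build the Basic auth token the way a Basic-auth client does: base64("user:pass").
// Hypothetical helper; uses Node's Buffer (btoa in a browser does the same job).
function encodeBasicCredentials(username, password) {
  if (typeof username !== 'string' || typeof password !== 'string') {
    throw new TypeError('username and password must be strings');
  }
  // RFC 7617: the user-id may not contain a colon; the password may.
  if (username.includes(':')) {
    throw new Error('username must not contain ":"');
  }
  return Buffer.from(`${username}:${password}`, 'utf8').toString('base64');
}

// What the plugin's getHeader() conceptually produces from the token.
function getAuthorizationHeader(token) {
  return { Authorization: `Basic ${token}` };
}

// The inverse transform: no key, no secret, just base64 decoding. Splits on the
// first colon only, so passwords that themselves contain ":" round-trip intact.
function decodeBasicCredentials(token) {
  const raw = Buffer.from(token, 'base64').toString('utf8');
  const idx = raw.indexOf(':');
  if (idx === -1) throw new Error('malformed Basic credential');
  return { username: raw.slice(0, idx), password: raw.slice(idx + 1) };
}

// Constructed stand-in for the browser's sessionStorage (same-origin, plaintext).
const fakeSessionStorage = new Map();

// Reproduces the PR's flow: store the token, then show what any script with
// access to the same origin's storage can read back.
function demo() {
  const cred = encodeBasicCredentials('alice', 'hunter2'); // constructed sample values
  fakeSessionStorage.set('credentials', cred);
  const stored = fakeSessionStorage.get('credentials');
  const recovered = decodeBasicCredentials(stored);
  return { cred, header: getAuthorizationHeader(stored).Authorization, recovered };
}

console.log(demo());
```

Because every script running on the same origin can read `sessionStorage`, the encoding adds no protection; the usual mitigation is to exchange the credentials once for a server-issued, short-lived session token and never keep the password on the client at all.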