Intercepted request log shows user's entered information without encryption #2

Closed
ghost opened this issue Apr 29, 2015 · 1 comment

ghost commented Apr 29, 2015

Hey,

I found that when I send a POST request containing data that is supposed to be encrypted, the console log shows the raw data, even though the default parameter (_enc) was added at the end of the specific field that should be encrypted and the following code was added to the app.js of the web application:

.run(['cfCryptoHttpInterceptor', function(cfCryptoHttpInterceptor) {
    cfCryptoHttpInterceptor.base64Key = "16rdKQfqN3L4TY7YktgxBw==";
}]);

This happens in line number 20 in file angularjs-crypto.js. Here's an example:

Let's suppose that I want to send the following object to the backend:

{id: 1, data_enc: "Hello"}

When you run your application and try to send that object, the angularjs-crypto.js library is called first and it goes through the code until it comes to line 20, which is:

console.log("intercept request " + angular.toJson(data));

Here data is simply:

var data = request.data;

At this phase it will expose the raw data that is to be sent with the request and which must also be encrypted. Once you have run your application and opened the console log, for example with Chrome, it shows the following at angularjs-crypto line 20:

intercept request {"id": "1", "data_enc":"Hello"}

This is something that could be fixed.

pussinboots (Owner) commented

Hi,

You are right. This logging is there for development purposes.
I am thinking of cutting it out or making it configurable. Tomorrow
morning I will change this, or feel free to submit a
change request.

Thanks for this advice.
Regards
Frank

pussinboots pushed a commit that referenced this issue Apr 30, 2015
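
An added example, not code from angularjs-crypto or from anyone in this thread: one way to keep a debug line like the one reported at line 20 without exposing plaintext, by logging only a redacted copy of the request data and making the logging opt-in. The names redactForLog, makeRequestLogger, logEnabled and sink are hypothetical, and the sample object is constructed.

```javascript
// Added example: redactForLog, makeRequestLogger, logEnabled and sink are
// hypothetical names, not part of angularjs-crypto.
const ENC_SUFFIX = "_enc"; // default field suffix mentioned in the issue

// Return a deep copy of `data` in which every value whose key ends with
// `suffix` is replaced by a placeholder, so the copy is safe to log.
// The original object is never modified, so it can still be encrypted and sent.
function redactForLog(data, suffix = ENC_SUFFIX) {
  if (Array.isArray(data)) {
    return data.map((item) => redactForLog(item, suffix));
  }
  if (data !== null && typeof data === "object") {
    const out = {};
    for (const [key, value] of Object.entries(data)) {
      out[key] = key.endsWith(suffix) ? "[REDACTED]" : redactForLog(value, suffix);
    }
    return out;
  }
  return data; // primitives are returned unchanged
}

// Build a logger that is off by default and only ever sees the redacted copy.
// Returns the logged line, or null when logging is disabled.
function makeRequestLogger({ logEnabled = false, sink = console.log } = {}) {
  return function logRequest(data) {
    if (!logEnabled) return null;
    const line = "intercept request " + JSON.stringify(redactForLog(data));
    sink(line);
    return line;
  };
}

// Constructed sample input with the same shape as the object in the issue,
// plus a nested field to show that redaction is recursive.
const sample = { id: 1, data_enc: "Hello", nested: [{ note_enc: "secret", n: 2 }] };
const debugLog = makeRequestLogger({ logEnabled: true });
debugLog(sample);
// → intercept request {"id":1,"data_enc":"[REDACTED]","nested":[{"note_enc":"[REDACTED]","n":2}]}
```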