Clear Text Password
harrezzebra opened this issue · comments
Harbor should support hashed passwords such as outputed from openssl passwd, instead of clear text.
can you please detail the requirement?
One of our ISSP recommends, plain text password should not visible during burpsuite intercepting. login password must be hashed before it's being handed over to TLS/SSL for client server communication.
The password is sent by TLS, we consider it is safe to to communicate. please share the link of the ISSP recommends
The statement login password must be hashed before it's being handed over to TLS/SSL for client server communication
is defined in any spec/regulation?