• @[email protected]
    link
    fedilink
    31
    edit-2
    1 year ago

    Anyone who has access to any involved network infrastructure can trace the cleartext communication and extract the credentials.

    • @[email protected]
      link
      fedilink
      31 year ago

      What do you mean by any involved network infrastructure? The URI is encrypted by TLS, you would only see the host address/domain unless you had access to it after decryption on the server.

      • @apazzy
        link
        81 year ago

        They said clear text, I would assume it’s not https.

        • @[email protected]
          link
          fedilink
          5
          edit-2
          1 year ago

          The comment we are replying to is asking about a situation where there is TLS. Also using clear text values in the URI itself does not mean there wouldn’t be TLS.