How can I modify the.ftl file so that it encrypts form data in the browser?
Is it possible to encrypt an ftl file with javascript?
This topic has been covered several times in this forum. If you feel like you need to encrypt values in the browser, you’re probably misunderstanding how/why HTTPS is used. If you have a novel use case, other than “it looks like the password isn’t encrypted in the browser”, feel free to share it here. Otherwise, take a look at the documentation for configuring TLS with Keycloak (e.g. Configuring TLS - Keycloak)
1 Like
Thanks @xgp,
our form submission looks like this
“”
Actually we are trying to encrypt the form data present in the browser before sending it over network.This form data which contains the login password field needs to be encrypted. (Need to prevent form data getting displayed in network payload tab in development tool)
@Rafi As an experiment, why don’t you go to some other websites that allow you to enter a password and then submit it over the network. Can you see the password in the network payload tab in the development tool? Yes. Why? Because that data is shown before the browser has used TLS to encrypt it and send it over the network.
What you’re asking for isn’t feasible or useful, given that the browser, at some point, does have access to the unencrypted password. Encrypting it again doesn’t prevent a developer from opening the console in the development tool and printing the value from the variable in the DOM. However, you can be rest assured that when you use HTTPS/TLS properly, the data is encrypted over the network, and not readable while in transport.
As I said before, this question has been asked many times here, and represents a fundamental misunderstanding of the browser security model. If you are still confused, I would recommend going to Google and doing some research on how browsers and the proper use of TLS achieves transport layer security for form data.