Vulnerability in EPiServer.Forms
Do anybody know id there is a way to encrypt username and password when login into the system?
We use http and would like to avoid sending credentils in plain text.
Thank you in advance.
Switch to https
Episerver stores passwords hashed so np there. If you want encrypted network traffic use https. If you want to store username encrypted too, override standard membership provider methods and add encryption to username there. Dont normally do that though. Https and hashed passwords out of the box is usually good enough.
Daniel are correct, the way for you to encrypt the communication is to use https.
If you want to implement the encryption and hash'ing by yourself there are a good article about it here: