Home > Article > Backend Development > An introduction to password sniffing
Password sniffing Although attackers sniffing (watching) network communications between your users and applications are not specifically used for access control, it is becoming increasingly important to be aware of data exposure, especially for authentication information. Using SSL can effectively prevent HTTP requests and responses from being exposed. Requests to any resource using the https scheme are protected against password sniffing. The best approach is to always use SSL to send authentication information. You may also want to use SSL to send all requests containing session IDs to prevent session hijacking. To prevent user authentication information from being exposed, use the https scheme in the URL of the action attribute of the form as follows: CODE: