Encrypting Sensitive information in Request and Response is reveal like username, password

We need to hide / encrypt the user name and password information from being displayed when the user logs into Nextcloud. The same is visible in clear text when inspected from the browser.

Any setting / update that can achieve this will be very helpful


That’s perfectly normal and there is nothing Nextcloud could do about it. The developer tools in a browser are intended to allow the user to inspect everything that’s happening before it is encrypted via HTTPS.

However as long as you don’t save your passwords in the browser, there isn’t a security risk, because the developer tools only show network requests that are happening while the tools are open, so an attacker can’t just open the dev tools after the user has left the site and see the plaintext passwords.

Afaik, the only way to achieve this would be to not use any passwords at all. You could set up passwordless login with FIDO2, or implement some kind of single-sign solution.

But ultimately you’d face the same situation. Whatever kind of credential was being entered would be visible in dev tools prior to being transmitted.