What is encrypted when you use http

Hi All,

If you are using http, instead of https, is the Nextcloud authentication and the data still encrypted over the web?

Many thanks,

If you’re curious, you could wireshark it, but I wouldn’t even consider not using HTTPS.

If you use Chrome or Firefox and activate network analysis with F12 you find the POST-Request:


This request uses the parameter “password” in clear text.
This is for web applications normal.

Does the actual password get sent in clear text?

It seems so yes. You really should not use http for more or less anything today. It is really easy to deploy https in most environments

That is the end goal. Thank you all! :grinning: