I was just testing security on my UrBackup server (http) with wireshark trying to sniff packet payloads. I checked the few HTTP packets it sent upon logging in and it only seemed to include the username in the payload, not the password. Is it sent as a hash or something, or am I just not looking at the right packet/spot? Thanks.
Yeah, it hashes on the browser side. I wouldn’t rely on this and definitely use https.