Capturing user credentials from Login Page
-
In my Qt application, I need to download certain data. This data is protected and users need to log in to the website to download the data. In order to allow users to log in, I display the Login Page of our website using QWebEngineView. The user enters his credentials. This generates the required cookies for authentication. I store the generated cookies in QNetworkCookieJar. I then create a QNetworkAccessManager and add the saved QNetworkCookieJar to QNetworkAccessManager. I then use the QNetworkAccessManager to download the data. This all works fine. However, in the security review of my project, there were concerns raised that the Login page is under the control of my application and thus I can get the user credentials (e.g. by watching the keystrokes on the Login Page).

So my question is: Is this security risk real? Can I actually get the user credentials? If yes, what options do I have to authenticate the user and still avoid any security loopholes?