Capturing user credentials from Login Page
mahesh_j last edited by
In my QT application, I need to download certain data. This data is protected and users need to Login to the website to download the data. In order to allow users to login, I display the Login Page of our website using
QWebEngineView. The user enters his credentials. This generates the required cookies for authentication. I store the generated cookies in QNetworkCookieJar. I then create a QNetworkAccessManager and add the saved QNetworkCookieJar to QNetworkAccessManager. I then use the QNetworkAccessManager to download the data. This all works fine. However, in the security review of my project, there were concerns raised that the Login page is under the control of my application and thus I can get the user credentials (for eg. by watching the keystrokes on Login Page).
So my question is: Is this security risk real? Can I actually get the user credentials? If yes. what options do I have to authenticate the user and still avoid any security loopholes?
JonB last edited by
Excuse me if I am wrong, but doesn't any desktop application allow keystroke monitoring?