Reassuring the users

[Wra1thus]

My MMF app essentially is an enhanced ui of a particular website my users use on a day to day basis.

Everything is great except my app requires them to submit their UN/PW for the Web Control object to fill in the form and log them in. I am afraid some people might think that in the process of using the program that their login credentials will be sent to my server or w/e.

Is there some way (if anyone wanted to check) to prove that all the UN/PW is used for is to login and nothing else and not sending the info abroad? For some reason Wireshark comes to mind to check, but I have never used it. Thanks!

[nivram]

I thought Wireshark was made to do naughty things that people hate, like grab passwords away from you.

Marv

[Anders]

WireShark is just a tool. It's not meant to do anything bad though it can be used for that (same goes with knives).

If people are curious if their password is sent anywhere but the website you are talking about they can easily use WireShark to check that it only connects to that website. It is not a 100% safe solution though as it is easy to trick it.

[Wra1thus]

thanks for the info. I was also wondering (No idea if this is too crazy or just doesn't make sense) if I could have the option of the user logging in on their own browser then maybe have Web Obj just use that session/cookie data?

[Dynasoft]

No, browsers don't let you access session cookies (permanent cookies are often saved, but not session).