I am developing a system where security is more important than normal, for this reason I have had to implement several measures to avoid or minimize any type of attack, so far it has gone well for me. I use MVC and OOP in PHP and I have noticed that every time the system calls the Login Validation Controller (I use JavaScript fetch), in the Network tab of the console, the password is clearly visible (as seen in the picture).
I have searched the internet regarding the issue, what can be done to avoid this situation but I have not been able to get relevant information, I would greatly appreciate the help.
Short answer: no way
Surely you have an input of type password
This is nothing more than in input text hiding characters from view, nothing more. It's just to prevent someone watching the monitor from seeing your password. Except for this, for all purposes it is a plain text, the information is not encrypted and nothing similar
The payload is the information that is sent to your server in the POST which takes it before submitting. All this information travels unencrypted, unless you use https.
You could perfectly encrypt the password before sending it and decrypt it on the server, but the method would be on the client and this is an infinite security loop.
For my part, I don't see a security problem in showing it in the console. What's more, I just tried in 2 different banks and the password is shown in the payload, just like in your case
This situation is normal, all data must be able to be viewed for tracking, be it post, get, put. Now, you could use some sort of encryption if you don't want the password data to be seen.