Bug #6124

Use POST for all login requests

Added by ben leinfelder almost 9 years ago. Updated almost 9 years ago.

Status: Closed
Priority: Normal
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Bugzilla-Id:
Description

Matt was looking through the Apache log and noticed that we log our GET request URIs:

24.237.18.41 - - [04/Oct/2013:12:03:35 -0700] "GET /knb/cgi-bin/register-dataset.cgi?stage=login&username=uid%3Djones%2Co%3DNCEAS%2Cdc%3Decoinformatics%2Cdc%3Dorg&cfg=metacatui&uid=jones&organization=NCEAS&password=XXXX&loginAction=Login HTTP/1.1" 200 821 "https://knb.ecoinformatics.org/m/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36" 

(password removed here)

We should make sure MetacatUI does not use GET for login actions.

History

#1 Updated by ben leinfelder almost 9 years ago

  • Assignee set to ben leinfelder
  • Description updated (diff)

#2 Updated by ben leinfelder almost 9 years ago

  • Target version changed from 2.2.0 to 1.1.0
  • Status changed from New to Closed
  • Project changed from Metacat to MetacatUI

Changed RegistryView to explicitly use $.post() method for submitting login form. Now I just see the post in the logs:

dev2.nceas.ucsb.edu:80 128.111.220.119 - - [04/Oct/2013:15:08:01 -0700] "POST /metacat/cgi-bin/register-dataset.cgi HTTP/1.1" 200 557 "http://dev2.nceas.ucsb.edu/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17" 
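
A check that follows from this issue, as an added example that is not part of the original ticket or of MetacatUI's code: scan Apache access-log lines for secret-bearing query parameters and produce a redacted copy of each hit. The sample log lines, addresses, host names, and the `SENSITIVE` parameter list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Parameter names treated as secrets (assumed list; extend for your application).
SENSITIVE = {"password", "passwd", "pwd", "token", "secret"}

# Request field of an Apache access-log line: "METHOD URI PROTOCOL".
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) (?P<proto>HTTP/[\d.]+)"')

# Constructed sample lines modelled on the two log formats shown in the ticket.
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Oct/2013:12:03:35 -0700] "GET /knb/cgi-bin/register-dataset.cgi?stage=login&uid=alice&password=hunter2&loginAction=Login HTTP/1.1" 200 821 "https://example.org/m/" "Mozilla/5.0"',
    'dev.example.org:80 192.0.2.11 - - [04/Oct/2013:15:08:01 -0700] "POST /metacat/cgi-bin/register-dataset.cgi HTTP/1.1" 200 557 "http://dev.example.org/" "Mozilla/5.0"',
    '192.0.2.12 - - [04/Oct/2013:15:09:12 -0700] "GET /knb/style/main.css?v=3 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]


def scan_line(line):
    """Return (method, path, leaked_names, redacted_line), or None if unparsable."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("uri"))
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    leaked = sorted({k for k, _ in pairs if k.lower() in SENSITIVE})
    if not leaked:
        return m.group("method"), parts.path, [], line
    # Replace only the secret values; other values are decoded and re-encoded.
    redacted_query = urlencode(
        [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
    )
    redacted = (line[:m.start("uri")] + parts.path + "?" + redacted_query
                + line[m.end("uri"):])
    return m.group("method"), parts.path, leaked, redacted


def findings(lines):
    """Yield (line_no, method, path, leaked_names, redacted_line) for exposing lines."""
    for n, line in enumerate(lines, 1):
        result = scan_line(line)
        if result and result[2]:
            yield (n, *result)


if __name__ == "__main__":
    for n, method, path, leaked, redacted in findings(SAMPLE_LOG):
        print(f"line {n}: {method} {path} exposes {', '.join(leaked)}")
        print(f"  redacted: {redacted}")
```

Only the request URI is inspected, so a login submitted in a POST body, as in the second sample line, produces no finding.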
