Project

General

Profile

Actions
Copy link

Bug #6124

closed

Use POST for all login requests

Added by ben leinfelder about 11 years ago. Updated about 11 years ago.

Status:
Closed
Priority:
Normal
Assignee:
ben leinfelder
Target version:
1.1.0
Start date:
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:

Description

Matt was looking through the apache log and noticed that we log our get request URIs:

24.237.18.41 - - [04/Oct/2013:12:03:35 -0700] "GET /knb/cgi-bin/register-dataset.cgi?stage=login&username=uid%3Djones%2Co%3DNCEAS%2Cdc%3Decoinformatics%2Cdc%3Dorg&cfg=metacatui&uid=jones&organization=NCEAS&password=XXXX&loginAction=Login HTTP/1.1" 200 821 "https://knb.ecoinformatics.org/m/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36"

(password removed here)

We should make sure MetacatUI does not use GET for login actions.

Actions
Copy link
 #1

Updated by ben leinfelder about 11 years ago

  • Description updated (diff)
  • Assignee set to ben leinfelder
Actions
Copy link
 #2

Updated by ben leinfelder about 11 years ago

  • Project changed from Metacat to MetacatUI
  • Status changed from New to Closed
  • Target version changed from 2.2.0 to 1.1.0

Changed RegistryView to explicitly use $.post() method for submitting login form. Now I just see the post in the logs:

dev2.nceas.ucsb.edu:80 128.111.220.119 - - [04/Oct/2013:15:08:01 -0700] "POST /metacat/cgi-bin/register-dataset.cgi HTTP/1.1" 200 557 "http://dev2.nceas.ucsb.edu/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17"
Actions
Copy link

Also available in: Atom PDF