Bug #6124

closed

Use POST for all login requests

Added by ben leinfelder about 11 years ago. Updated about 11 years ago.

Status: Closed
Priority: Normal
% Done: 0%

Description

Matt was looking through the Apache log and noticed that we log our GET request URIs:

24.237.18.41 - - [04/Oct/2013:12:03:35 -0700] "GET /knb/cgi-bin/register-dataset.cgi?stage=login&username=uid%3Djones%2Co%3DNCEAS%2Cdc%3Decoinformatics%2Cdc%3Dorg&cfg=metacatui&uid=jones&organization=NCEAS&password=XXXX&loginAction=Login HTTP/1.1" 200 821 "https://knb.ecoinformatics.org/m/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36" 

(password removed here)

We should make sure MetacatUI does not use GET for login actions.
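
One way to audit existing access logs for the exposure described in this issue, as an added example that is not part of the original report or MetacatUI's code: it flags any request whose query string carries a password-like parameter and returns a redacted copy of the line. The parameter-name list, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Parameter names treated as secrets (assumed list; extend per application).
SENSITIVE = {"password", "passwd", "pwd"}

# The quoted request field of an Apache access-log line: "METHOD URI PROTOCOL".
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')


def redact_query(query):
    """Mask sensitive values in a raw query string, leaving other bytes untouched."""
    pairs, hits = [], []
    for pair in query.split("&"):
        name, sep, value = pair.partition("=")
        if value and unquote_plus(name).lower() in SENSITIVE:
            hits.append(unquote_plus(name))
            pair = name + sep + "REDACTED"
        pairs.append(pair)
    return "&".join(pairs), hits


def find_credential_leaks(lines):
    """Return (line_number, method, leaked_params, redacted_line) per offending line."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match or "?" not in match.group("uri"):
            continue
        path, _, query = match.group("uri").partition("?")
        redacted, hits = redact_query(query)
        if hits:
            safe = line[:match.start("uri")] + path + "?" + redacted + line[match.end("uri"):]
            findings.append((number, match.group("method"), hits, safe))
    return findings


# Constructed sample lines (documentation IP range, made-up credentials).
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Oct/2013:12:03:35 -0700] "GET /knb/cgi-bin/register-dataset.cgi'
    '?stage=login&uid=alice&password=hunter2&loginAction=Login HTTP/1.1" 200 821',
    '203.0.113.7 - - [04/Oct/2013:12:04:10 -0700] "POST /knb/cgi-bin/register-dataset.cgi'
    ' HTTP/1.1" 200 821',
]

if __name__ == "__main__":
    for number, method, params, safe in find_credential_leaks(SAMPLE_LOG):
        print(f"line {number}: {method} leaks {params}\n  {safe}")
```

The POST line produces no finding because its credentials travel in the request body, which the access log's request field does not record.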
