Bug #6124: Use POST for all login requests - MetacatUI - Ecoinformatics Redmine

Actions

Copy link

Bug #6124

closed

Use POST for all login requests

Added by ben leinfelder about 11 years ago. Updated about 11 years ago.

Status:

Closed

Priority:

Normal

Assignee:

ben leinfelder

Target version:

1.1.0

Start date:

Due date:

% Done:

Estimated time:

Bugzilla-Id:

Description

Matt was looking through the apache log and noticed that we log our get request URIs:

24.237.18.41 - - [04/Oct/2013:12:03:35 -0700] "GET /knb/cgi-bin/register-dataset.cgi?stage=login&username=uid%3Djones%2Co%3DNCEAS%2Cdc%3Decoinformatics%2Cdc%3Dorg&cfg=metacatui&uid=jones&organization=NCEAS&password=XXXX&loginAction=Login HTTP/1.1" 200 821 "https://knb.ecoinformatics.org/m/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36"

(password removed here)

We should make sure MetacatUI does not use GET for login actions.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

MetacatUI

Custom queries

Bug #6124

Use POST for all login requests

Updated by ben leinfelder about 11 years ago

Updated by ben leinfelder about 11 years ago