Bug #6124
Updated by ben leinfelder over 10 years ago
Matt was looking through the apache log and noticed that we log our get request URIs:
<pre>
24.237.18.41 - - [04/Oct/2013:12:03:35 -0700] "GET /knb/cgi-bin/register-dataset.cgi?stage=login&username=uid%3Djones%2Co%3DNCEAS%2Cdc%3Decoinformatics%2Cdc%3Dorg&cfg=metacatui&uid=jones&organization=NCEAS&password=XXXX&loginAction=Login HTTP/1.1" 200 821 "https://knb.ecoinformatics.org/m/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36"
</pre>
(password removed here)
We should make sure MetacatUI does not use GET for login actions.