cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nitin Mehta <Nitin.Me...@citrix.com>
Subject RE: MS UI - addHost call is a GET and the password of the host goes as cleartext
Date Fri, 20 Jul 2012 17:00:35 GMT
Good point. I think it hasn't been issue so far since it's an admin only call but its better
to make this POST. But, I am not sure about other commands like addVPNUser which are authorized
for all the accounts. Are they also GET?

-----Original Message-----
From: Koushik Das [mailto:koushik.das@citrix.com] 
Sent: Friday, July 20, 2012 2:36 AM
To: cloudstack-users@incubator.apache.org
Subject: MS UI - addHost call is a GET and the password of the host goes as cleartext

The request URL may get logged in Tomcat and that may lead to security issues. Any call having
such data should be a POST.

Thanks,
Koushik

Mime
View raw message