cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrija Panic <andrija.pa...@gmail.com>
Subject Re: Password in URL
Date Fri, 13 Dec 2019 11:20:59 GMT
(and assuming you are using SSL/443 - that's not a problem in that sense)

On Fri, 13 Dec 2019 at 12:20, Andrija Panic <andrija.panic@gmail.com> wrote:

> Password IS sent in the clear text when you log in initially - you can
> check that via developer tools while doing a successful login.
>
> On Fri, 13 Dec 2019 at 11:15, Thomas Joseph <thomas.job07@gmail.com>
> wrote:
>
>> It must be a design feature then, you can redirect it to the dev group.
>>
>> With regards
>> Thomas
>>
>> On Fri, 13 Dec 2019, 8:57 am Adam Witwicki, <awitwicki@oakfordis.com>
>> wrote:
>>
>> > Hi Thomas
>> >
>> > 443, the concern is its displayed in full view on the screen.
>> >
>> > Version 4.11 btw
>> >
>> > Thanks
>> >
>> > Adam
>> >
>> > -----Original Message-----
>> > From: Thomas Joseph <thomas.job07@gmail.com>
>> > Sent: 13 December 2019 08:55
>> > To: users@cloudstack.apache.org
>> > Subject: Re: Password in URL
>> >
>> > ** This mail originated from OUTSIDE the Oakford corporate network.
>> Treat
>> > hyperlinks and attachments in this email with caution. **
>> >
>> > Hello Adam
>> >
>> > Are you using port 80 instead for 443 for the console login?
>> >
>> > With regards
>> > Thomas
>> >
>> > On Fri, 13 Dec 2019, 8:34 am Adam Witwicki, <awitwicki@oakfordis.com>
>> > wrote:
>> >
>> > > Sorry, its not a hash it is the password!
>> > >
>> > > -----Original Message-----
>> > > From: Adam Witwicki <awitwicki@oakfordis.com>
>> > > Sent: 13 December 2019 08:32
>> > > To: users@cloudstack.apache.org
>> > > Subject: Password in URL
>> > >
>> > > ** This mail originated from OUTSIDE the Oakford corporate network.
>> > > Treat hyperlinks and attachments in this email with caution. **
>> > >
>> > > Hello,
>> > >
>> > > When I have failed logon (cloudstack is unable to read from database)
>> > > the redirected url shows the password hash
>> > >
>> > > /client/?username=admin&password=MASKMASKMASKMASK&domain=&language=
>> > >
>> > > Is this an issue?
>> > >
>> > > Thanks
>> > >
>> > > Adam
>> > >
>> > >
>> > >
>> > > Disclaimer Notice:
>> > > This email has been sent by Oakford Technology Limited, while we have
>> > > checked this e-mail and any attachments for viruses, we can not
>> > > guarantee that they are virus-free. You must therefore take full
>> > > responsibility for virus checking.
>> > > This message and any attachments are confidential and should only be
>> > > read by those to whom they are addressed. If you are not the intended
>> > > recipient, please contact us, delete the message from your computer
>> > > and destroy any copies. Any distribution or copying without our prior
>> > > permission is prohibited.
>> > > Internet communications are not always secure and therefore Oakford
>> > > Technology Limited does not accept legal responsibility for this
>> message.
>> > > The recipient is responsible for verifying its authenticity before
>> > > acting on the contents. Any views or opinions presented are solely
>> > > those of the author and do not necessarily represent those of Oakford
>> > Technology Limited.
>> > > Registered address: Oakford Technology Limited, The Manor House,
>> > > Potterne, Wiltshire. SN10 5PN.
>> > > Registered in England and Wales No. 5971519
>> > >
>> > > Disclaimer Notice:
>> > > This email has been sent by Oakford Technology Limited, while we have
>> > > checked this e-mail and any attachments for viruses, we can not
>> > > guarantee that they are virus-free. You must therefore take full
>> > > responsibility for virus checking.
>> > > This message and any attachments are confidential and should only be
>> > > read by those to whom they are addressed. If you are not the intended
>> > > recipient, please contact us, delete the message from your computer
>> > > and destroy any copies. Any distribution or copying without our prior
>> > > permission is prohibited.
>> > > Internet communications are not always secure and therefore Oakford
>> > > Technology Limited does not accept legal responsibility for this
>> message.
>> > > The recipient is responsible for verifying its authenticity before
>> > > acting on the contents. Any views or opinions presented are solely
>> > > those of the author and do not necessarily represent those of Oakford
>> > Technology Limited.
>> > > Registered address: Oakford Technology Limited, The Manor House,
>> > > Potterne, Wiltshire. SN10 5PN.
>> > > Registered in England and Wales No. 5971519
>> > >
>> > >
>> > Disclaimer Notice:
>> > This email has been sent by Oakford Technology Limited, while we have
>> > checked this e-mail and any attachments for viruses, we can not
>> guarantee
>> > that they are virus-free. You must therefore take full responsibility
>> for
>> > virus checking.
>> > This message and any attachments are confidential and should only be
>> read
>> > by those to whom they are addressed. If you are not the intended
>> recipient,
>> > please contact us, delete the message from your computer and destroy any
>> > copies. Any distribution or copying without our prior permission is
>> > prohibited.
>> > Internet communications are not always secure and therefore Oakford
>> > Technology Limited does not accept legal responsibility for this
>> message.
>> > The recipient is responsible for verifying its authenticity before
>> acting
>> > on the contents. Any views or opinions presented are solely those of the
>> > author and do not necessarily represent those of Oakford Technology
>> Limited.
>> > Registered address: Oakford Technology Limited, The Manor House,
>> Potterne,
>> > Wiltshire. SN10 5PN.
>> > Registered in England and Wales No. 5971519
>> >
>> >
>>
>
>
> --
>
> Andrija Panić
>


-- 

Andrija Panić

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message