From users-return-33829-archive-asf-public=cust-asf.ponee.io@cloudstack.apache.org Fri Dec 13 10:15:14 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id D29B418064E for ; Fri, 13 Dec 2019 11:15:13 +0100 (CET) Received: (qmail 72251 invoked by uid 500); 13 Dec 2019 10:15:12 -0000 Mailing-List: contact users-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@cloudstack.apache.org Delivered-To: mailing list users@cloudstack.apache.org Received: (qmail 72239 invoked by uid 99); 13 Dec 2019 10:15:12 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Dec 2019 10:15:12 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id C4970C20A4 for ; Fri, 13 Dec 2019 10:15:11 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.251 X-Spam-Level: X-Spam-Status: No, score=0.251 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, HTML_MESSAGE=0.2, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd4-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-he-de.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id ga3o62N2uxbv for ; Fri, 13 Dec 2019 10:15:10 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2a00:1450:4864:20::42c; helo=mail-wr1-x42c.google.com; envelope-from=thomas.job07@gmail.com; receiver= Received: from mail-wr1-x42c.google.com (mail-wr1-x42c.google.com [IPv6:2a00:1450:4864:20::42c]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id CD13D7DDAC for ; Fri, 13 Dec 2019 10:15:09 +0000 (UTC) Received: by mail-wr1-x42c.google.com with SMTP id b6so6063124wrq.0 for ; Fri, 13 Dec 2019 02:15:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=b6KhksPPQJsYU9LsHHqVmVbmxY4ZbPjAie5SeapaAOs=; b=eSrAID1dkvk0TcSCktnY4SKfSgNWWCKNCtaXi4TqcBFTtWAa2rzvnnoQA+FjOdl1+9 9Kpx8y+Y3/CvAPiG33nPbL+GbwvuAT2Ih2GjTo+bvFOikbqzvoGe3H/3rklN4r3z8hiZ PcrMC96idpmK875QpfntGTOpUGxeaFuF8fn5UzJjs0Lwf6yHHTIz+4JZRi+xwRNXToJM jodCofrbkUSy/OwYXuYwvMggawb6/+1Z4cdW01FjhMeKujRglKD9f5XFYwfReDOks/td 8l04ihpw4MS4llzilB5tcJCIJveA1v20ccWWYCu9E5dtv0P43j1RcyTxTuNRI6L97mBC zKyQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=b6KhksPPQJsYU9LsHHqVmVbmxY4ZbPjAie5SeapaAOs=; b=Mmb730IfEOu0nDnwH/LG8NVZeT2c8H6OwQu7o+1tVVrW+AhBOrzO3akWqVpvaA5bLY KrEAtzkelQHfeE6+opgEJ4NZsdFh2kNqXfZLuqMVLMWW7REv+UXgFfEoPPDw0310ziY7 hM5tDUPtG4XoDyCUTt6Lro3POXBt4PUiKD8bLPtdcFokSMtao/lztq7XDnBpa+dbNM+5 L8SpaYMjQ0/dwt+SfWyLsiwQ/2XJ61pbmPQQ8TySJzBsgbeLCgF1flfp4q+6a2byXoG4 9H9wZZnlcSN7XrqyW9e9zlqfM3ia38vtjWdW5jdDEjqwVzYRJCehr06UCYAld4v7tRa9 kKPA== X-Gm-Message-State: APjAAAXME6Eq+UUI81E/dIlGmMCSkxmSXhP4az0Rahx6h87Rjf7zuAlo 0OwNk2qJNIxPLiU+Thtkgh1y5jffAqiba286aa82lg== X-Google-Smtp-Source: APXvYqy+uB3xkSf4Fq1IWcyOXhMRyefE2R6xDKSmj8kfFfo6e17b2eqGAUHEACNNvkkeGKksmi2LGnnKOljNMDxfcnQ= X-Received: by 2002:a5d:4651:: with SMTP id j17mr12332128wrs.237.1576232109169; Fri, 13 Dec 2019 02:15:09 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Thomas Joseph Date: Fri, 13 Dec 2019 10:14:58 +0000 Message-ID: Subject: Re: Password in URL To: users@cloudstack.apache.org Content-Type: multipart/alternative; boundary="000000000000f36142059993221f" --000000000000f36142059993221f Content-Type: text/plain; charset="UTF-8" It must be a design feature then, you can redirect it to the dev group. With regards Thomas On Fri, 13 Dec 2019, 8:57 am Adam Witwicki, wrote: > Hi Thomas > > 443, the concern is its displayed in full view on the screen. > > Version 4.11 btw > > Thanks > > Adam > > -----Original Message----- > From: Thomas Joseph > Sent: 13 December 2019 08:55 > To: users@cloudstack.apache.org > Subject: Re: Password in URL > > ** This mail originated from OUTSIDE the Oakford corporate network. Treat > hyperlinks and attachments in this email with caution. ** > > Hello Adam > > Are you using port 80 instead for 443 for the console login? > > With regards > Thomas > > On Fri, 13 Dec 2019, 8:34 am Adam Witwicki, > wrote: > > > Sorry, its not a hash it is the password! > > > > -----Original Message----- > > From: Adam Witwicki > > Sent: 13 December 2019 08:32 > > To: users@cloudstack.apache.org > > Subject: Password in URL > > > > ** This mail originated from OUTSIDE the Oakford corporate network. > > Treat hyperlinks and attachments in this email with caution. ** > > > > Hello, > > > > When I have failed logon (cloudstack is unable to read from database) > > the redirected url shows the password hash > > > > /client/?username=admin&password=MASKMASKMASKMASK&domain=&language= > > > > Is this an issue? > > > > Thanks > > > > Adam > > > > > > > > Disclaimer Notice: > > This email has been sent by Oakford Technology Limited, while we have > > checked this e-mail and any attachments for viruses, we can not > > guarantee that they are virus-free. You must therefore take full > > responsibility for virus checking. > > This message and any attachments are confidential and should only be > > read by those to whom they are addressed. If you are not the intended > > recipient, please contact us, delete the message from your computer > > and destroy any copies. Any distribution or copying without our prior > > permission is prohibited. > > Internet communications are not always secure and therefore Oakford > > Technology Limited does not accept legal responsibility for this message. > > The recipient is responsible for verifying its authenticity before > > acting on the contents. Any views or opinions presented are solely > > those of the author and do not necessarily represent those of Oakford > Technology Limited. > > Registered address: Oakford Technology Limited, The Manor House, > > Potterne, Wiltshire. SN10 5PN. > > Registered in England and Wales No. 5971519 > > > > Disclaimer Notice: > > This email has been sent by Oakford Technology Limited, while we have > > checked this e-mail and any attachments for viruses, we can not > > guarantee that they are virus-free. You must therefore take full > > responsibility for virus checking. > > This message and any attachments are confidential and should only be > > read by those to whom they are addressed. If you are not the intended > > recipient, please contact us, delete the message from your computer > > and destroy any copies. Any distribution or copying without our prior > > permission is prohibited. > > Internet communications are not always secure and therefore Oakford > > Technology Limited does not accept legal responsibility for this message. > > The recipient is responsible for verifying its authenticity before > > acting on the contents. Any views or opinions presented are solely > > those of the author and do not necessarily represent those of Oakford > Technology Limited. > > Registered address: Oakford Technology Limited, The Manor House, > > Potterne, Wiltshire. SN10 5PN. > > Registered in England and Wales No. 5971519 > > > > > Disclaimer Notice: > This email has been sent by Oakford Technology Limited, while we have > checked this e-mail and any attachments for viruses, we can not guarantee > that they are virus-free. You must therefore take full responsibility for > virus checking. > This message and any attachments are confidential and should only be read > by those to whom they are addressed. If you are not the intended recipient, > please contact us, delete the message from your computer and destroy any > copies. Any distribution or copying without our prior permission is > prohibited. > Internet communications are not always secure and therefore Oakford > Technology Limited does not accept legal responsibility for this message. > The recipient is responsible for verifying its authenticity before acting > on the contents. Any views or opinions presented are solely those of the > author and do not necessarily represent those of Oakford Technology Limited. > Registered address: Oakford Technology Limited, The Manor House, Potterne, > Wiltshire. SN10 5PN. > Registered in England and Wales No. 5971519 > > --000000000000f36142059993221f--