From users-return-33830-archive-asf-public=cust-asf.ponee.io@cloudstack.apache.org Fri Dec 13 11:20:50 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 1BF2318064E for ; Fri, 13 Dec 2019 12:20:50 +0100 (CET) Received: (qmail 67266 invoked by uid 500); 13 Dec 2019 11:20:49 -0000 Mailing-List: contact users-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@cloudstack.apache.org Delivered-To: mailing list users@cloudstack.apache.org Received: (qmail 67254 invoked by uid 99); 13 Dec 2019 11:20:48 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Dec 2019 11:20:48 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 1BD631A342A for ; Fri, 13 Dec 2019 11:20:48 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0 X-Spam-Level: X-Spam-Status: No, score=0 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd2-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-ec2-va.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id BmiorCVE66v8 for ; Fri, 13 Dec 2019 11:20:45 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.208.53; helo=mail-ed1-f53.google.com; envelope-from=andrija.panic@gmail.com; receiver= Received: from mail-ed1-f53.google.com (mail-ed1-f53.google.com [209.85.208.53]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 6FADABC509 for ; Fri, 13 Dec 2019 11:20:45 +0000 (UTC) Received: by mail-ed1-f53.google.com with SMTP id v16so1742389edy.6 for ; Fri, 13 Dec 2019 03:20:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=RwnRg6d8hpgsKOfqZi5UHGFjhnxpYnxA/6jRlLsENlU=; b=Y8ztswDdaALKwh2IDhecUpkQsn6CMS4O9/AEWeQ8tdiNr8USByHAnWpGd9esi9AChg sLJ6Lyx+gVWVGHRUJUfncKMNA3aO/qowDPcp1B3N/qdTWUNLGxOh9LUO61UTZuDhAHxO 7Z7MMG0JQP5Dc4jmvE8BKQpAYwYxTki7MBCERWDyTD8N0AJheCI5q4iq3ekHgQiu0Uo6 6bUS/zk1UcATEFoM6tmcqLXoeKgX/im3Wlnyf8+j+ksooYWhF1KE6IpKXfNRM+azgR6L h7g3jkFB/XZ5cF7U5Dr1P/pVMGi0mYgII6ccxxQv4Nnpn3pYrRMSPn1mphvyvxNo5mN+ YpCw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=RwnRg6d8hpgsKOfqZi5UHGFjhnxpYnxA/6jRlLsENlU=; b=EGeObRM10XMyp4aRyYcRQA6Y7GlgvWnohHVbC3mdjUxecQ0q7sKJja03icXSxkPDjT gvb/WhDiJcRL6LvsTyqVGY2V2H2abN+PkHpiiwLKJpXCx4zffw/sQfh1UcLmcKYgqd8p HVf5CBQ19NbcH2xDR/GFlGmmkaKo7W0Bd0CjHTIWyqb6BdrNeQGdUjavvdT49/5+Qtdv 7XlQ6UrxV0gPZJyyzK3JQAP6FnQYtJUeBgYP2ir0jurPo7qU2jZr6mxL7d7E/yRdx3do D12ZnB5ntzA4xeLsMT/SLp5CX0xJecW5iBtzj9K4lGmASGqS0xvWlVhKjuaCZPfg4qKh Ma8g== X-Gm-Message-State: APjAAAW8r0Fx6381x/Zo0Sk49oWwQw/vMOBYoyQrDoBgEMjJDDAfB649 884O/xOIO5pPXs3NVNoeNcu4yf6QVVn5K72P3/g1mg== X-Google-Smtp-Source: APXvYqxgxQtsmKdfRdStFcIxNsM/vLOqQFHPOxUk09ad15Ifr6xKezP2HF4fT/Usdk1tTkAYM9BpoYsou11LctIQBQY= X-Received: by 2002:a17:906:6bce:: with SMTP id t14mr3804395ejs.115.1576236044118; Fri, 13 Dec 2019 03:20:44 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Andrija Panic Date: Fri, 13 Dec 2019 12:20:28 +0100 Message-ID: Subject: Re: Password in URL To: users Content-Type: multipart/alternative; boundary="0000000000007df0a20599940de0" --0000000000007df0a20599940de0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Password IS sent in the clear text when you log in initially - you can check that via developer tools while doing a successful login. On Fri, 13 Dec 2019 at 11:15, Thomas Joseph wrote: > It must be a design feature then, you can redirect it to the dev group. > > With regards > Thomas > > On Fri, 13 Dec 2019, 8:57 am Adam Witwicki, > wrote: > > > Hi Thomas > > > > 443, the concern is its displayed in full view on the screen. > > > > Version 4.11 btw > > > > Thanks > > > > Adam > > > > -----Original Message----- > > From: Thomas Joseph > > Sent: 13 December 2019 08:55 > > To: users@cloudstack.apache.org > > Subject: Re: Password in URL > > > > ** This mail originated from OUTSIDE the Oakford corporate network. Tre= at > > hyperlinks and attachments in this email with caution. ** > > > > Hello Adam > > > > Are you using port 80 instead for 443 for the console login? > > > > With regards > > Thomas > > > > On Fri, 13 Dec 2019, 8:34 am Adam Witwicki, > > wrote: > > > > > Sorry, its not a hash it is the password! > > > > > > -----Original Message----- > > > From: Adam Witwicki > > > Sent: 13 December 2019 08:32 > > > To: users@cloudstack.apache.org > > > Subject: Password in URL > > > > > > ** This mail originated from OUTSIDE the Oakford corporate network. > > > Treat hyperlinks and attachments in this email with caution. ** > > > > > > Hello, > > > > > > When I have failed logon (cloudstack is unable to read from database) > > > the redirected url shows the password hash > > > > > > /client/?username=3Dadmin&password=3DMASKMASKMASKMASK&domain=3D&langu= age=3D > > > > > > Is this an issue? > > > > > > Thanks > > > > > > Adam > > > > > > > > > > > > Disclaimer Notice: > > > This email has been sent by Oakford Technology Limited, while we have > > > checked this e-mail and any attachments for viruses, we can not > > > guarantee that they are virus-free. You must therefore take full > > > responsibility for virus checking. > > > This message and any attachments are confidential and should only be > > > read by those to whom they are addressed. If you are not the intended > > > recipient, please contact us, delete the message from your computer > > > and destroy any copies. Any distribution or copying without our prior > > > permission is prohibited. > > > Internet communications are not always secure and therefore Oakford > > > Technology Limited does not accept legal responsibility for this > message. > > > The recipient is responsible for verifying its authenticity before > > > acting on the contents. Any views or opinions presented are solely > > > those of the author and do not necessarily represent those of Oakford > > Technology Limited. > > > Registered address: Oakford Technology Limited, The Manor House, > > > Potterne, Wiltshire. SN10 5PN. > > > Registered in England and Wales No. 5971519 > > > > > > Disclaimer Notice: > > > This email has been sent by Oakford Technology Limited, while we have > > > checked this e-mail and any attachments for viruses, we can not > > > guarantee that they are virus-free. You must therefore take full > > > responsibility for virus checking. > > > This message and any attachments are confidential and should only be > > > read by those to whom they are addressed. If you are not the intended > > > recipient, please contact us, delete the message from your computer > > > and destroy any copies. Any distribution or copying without our prior > > > permission is prohibited. > > > Internet communications are not always secure and therefore Oakford > > > Technology Limited does not accept legal responsibility for this > message. > > > The recipient is responsible for verifying its authenticity before > > > acting on the contents. Any views or opinions presented are solely > > > those of the author and do not necessarily represent those of Oakford > > Technology Limited. > > > Registered address: Oakford Technology Limited, The Manor House, > > > Potterne, Wiltshire. SN10 5PN. > > > Registered in England and Wales No. 5971519 > > > > > > > > Disclaimer Notice: > > This email has been sent by Oakford Technology Limited, while we have > > checked this e-mail and any attachments for viruses, we can not guarant= ee > > that they are virus-free. You must therefore take full responsibility f= or > > virus checking. > > This message and any attachments are confidential and should only be re= ad > > by those to whom they are addressed. If you are not the intended > recipient, > > please contact us, delete the message from your computer and destroy an= y > > copies. Any distribution or copying without our prior permission is > > prohibited. > > Internet communications are not always secure and therefore Oakford > > Technology Limited does not accept legal responsibility for this messag= e. > > The recipient is responsible for verifying its authenticity before acti= ng > > on the contents. Any views or opinions presented are solely those of th= e > > author and do not necessarily represent those of Oakford Technology > Limited. > > Registered address: Oakford Technology Limited, The Manor House, > Potterne, > > Wiltshire. SN10 5PN. > > Registered in England and Wales No. 5971519 > > > > > --=20 Andrija Pani=C4=87 --0000000000007df0a20599940de0--