jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kinicky <kini...@gmail.com>
Subject Re: login via url parameters
Date Mon, 25 May 2009 13:32:05 GMT
yes i know about this security issue.

i'm trying to implement SSO with another system and this other system asks
for the parameters. i can use post to do the SSO but i didnt succeed so i'm
just trying the GET method now because is more clear and easy to test.

On Mon, May 25, 2009 at 10:24 AM, Andrew Jaquith <andrew.r.jaquith@gmail.com
> wrote:

> This is a very bad idea. Among other things, the GET is likely to be
> logged, which means the user's password will be exposed and recorded.
>
> What are you trying to do?
>
> Andrew
>
>
> On May 25, 2009, at 9:19, Kinicky <kinicky@gmail.com> wrote:
>
>  hi everyone,
>>
>> is it possible to login in JSPWiki by passing the parameters in URL?
>>
>> i'm tried this: http://
>> <server>/JSPWiki/Login.jsp?j_username=<username>&j_password=<password>
>>
>> tks!
>>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message