shindig-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul Lindner (JIRA)" <>
Subject [jira] Resolved: (SHINDIG-606) Move security token to header for XMLHttpRequests?
Date Thu, 02 Dec 2010 02:41:11 GMT


Paul Lindner resolved SHINDIG-606.

       Resolution: Fixed
    Fix Version/s: 3.0.0

It's done!

> Move security token to header for XMLHttpRequests?
> --------------------------------------------------
>                 Key: SHINDIG-606
>                 URL:
>             Project: Shindig
>          Issue Type: Improvement
>          Components: Java, PHP
>            Reporter: Evan Gilbert
>             Fix For: 3.0.0
> It seems slightly more secure if the security token were put into an HTTP header instead
of in the URL when making requests back to the server from gadgets. This way the token is
not normally logged by proxies, etc.
> We'd still probably support the URL parameter for debugging purposes.
> I'm not a security expert, possibly others with more experience can weigh in on how important
this is.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message