cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrija Panic <andrija.pa...@gmail.com>
Subject Re: Password in URL
Date Fri, 13 Dec 2019 11:39:18 GMT
that's not the best thing to happen, true - please send to dev@ list
(and don't allow people looking at your screen :) )

On Fri, 13 Dec 2019 at 12:29, Adam Witwicki <awitwicki@oakfordis.com> wrote:

> But its then displayed on the users screen - where anyone can see it?
>
> Thanks
>
> Adam
>
> -----Original Message-----
> From: Andrija Panic <andrija.panic@gmail.com>
> Sent: 13 December 2019 11:21
> To: users <users@cloudstack.apache.org>
> Subject: Re: Password in URL
>
> ** This mail originated from OUTSIDE the Oakford corporate network. Treat
> hyperlinks and attachments in this email with caution. **
>
> (and assuming you are using SSL/443 - that's not a problem in that sense)
>
> On Fri, 13 Dec 2019 at 12:20, Andrija Panic <andrija.panic@gmail.com>
> wrote:
>
> > Password IS sent in the clear text when you log in initially - you can
> > check that via developer tools while doing a successful login.
> >
> > On Fri, 13 Dec 2019 at 11:15, Thomas Joseph <thomas.job07@gmail.com>
> > wrote:
> >
> >> It must be a design feature then, you can redirect it to the dev group.
> >>
> >> With regards
> >> Thomas
> >>
> >> On Fri, 13 Dec 2019, 8:57 am Adam Witwicki, <awitwicki@oakfordis.com>
> >> wrote:
> >>
> >> > Hi Thomas
> >> >
> >> > 443, the concern is its displayed in full view on the screen.
> >> >
> >> > Version 4.11 btw
> >> >
> >> > Thanks
> >> >
> >> > Adam
> >> >
> >> > -----Original Message-----
> >> > From: Thomas Joseph <thomas.job07@gmail.com>
> >> > Sent: 13 December 2019 08:55
> >> > To: users@cloudstack.apache.org
> >> > Subject: Re: Password in URL
> >> >
> >> > ** This mail originated from OUTSIDE the Oakford corporate network.
> >> Treat
> >> > hyperlinks and attachments in this email with caution. **
> >> >
> >> > Hello Adam
> >> >
> >> > Are you using port 80 instead for 443 for the console login?
> >> >
> >> > With regards
> >> > Thomas
> >> >
> >> > On Fri, 13 Dec 2019, 8:34 am Adam Witwicki,
> >> > <awitwicki@oakfordis.com>
> >> > wrote:
> >> >
> >> > > Sorry, its not a hash it is the password!
> >> > >
> >> > > -----Original Message-----
> >> > > From: Adam Witwicki <awitwicki@oakfordis.com>
> >> > > Sent: 13 December 2019 08:32
> >> > > To: users@cloudstack.apache.org
> >> > > Subject: Password in URL
> >> > >
> >> > > ** This mail originated from OUTSIDE the Oakford corporate network.
> >> > > Treat hyperlinks and attachments in this email with caution. **
> >> > >
> >> > > Hello,
> >> > >
> >> > > When I have failed logon (cloudstack is unable to read from
> >> > > database) the redirected url shows the password hash
> >> > >
> >> > > /client/?username=admin&password=MASKMASKMASKMASK&domain=&languag
> >> > > e=
> >> > >
> >> > > Is this an issue?
> >> > >
> >> > > Thanks
> >> > >
> >> > > Adam
> >> > >
> >> > >
> >> > >
> >> > > Disclaimer Notice:
> >> > > This email has been sent by Oakford Technology Limited, while we
> >> > > have checked this e-mail and any attachments for viruses, we can
> >> > > not guarantee that they are virus-free. You must therefore take
> >> > > full responsibility for virus checking.
> >> > > This message and any attachments are confidential and should only
> >> > > be read by those to whom they are addressed. If you are not the
> >> > > intended recipient, please contact us, delete the message from
> >> > > your computer and destroy any copies. Any distribution or copying
> >> > > without our prior permission is prohibited.
> >> > > Internet communications are not always secure and therefore
> >> > > Oakford Technology Limited does not accept legal responsibility
> >> > > for this
> >> message.
> >> > > The recipient is responsible for verifying its authenticity
> >> > > before acting on the contents. Any views or opinions presented
> >> > > are solely those of the author and do not necessarily represent
> >> > > those of Oakford
> >> > Technology Limited.
> >> > > Registered address: Oakford Technology Limited, The Manor House,
> >> > > Potterne, Wiltshire. SN10 5PN.
> >> > > Registered in England and Wales No. 5971519
> >> > >
> >> > > Disclaimer Notice:
> >> > > This email has been sent by Oakford Technology Limited, while we
> >> > > have checked this e-mail and any attachments for viruses, we can
> >> > > not guarantee that they are virus-free. You must therefore take
> >> > > full responsibility for virus checking.
> >> > > This message and any attachments are confidential and should only
> >> > > be read by those to whom they are addressed. If you are not the
> >> > > intended recipient, please contact us, delete the message from
> >> > > your computer and destroy any copies. Any distribution or copying
> >> > > without our prior permission is prohibited.
> >> > > Internet communications are not always secure and therefore
> >> > > Oakford Technology Limited does not accept legal responsibility
> >> > > for this
> >> message.
> >> > > The recipient is responsible for verifying its authenticity
> >> > > before acting on the contents. Any views or opinions presented
> >> > > are solely those of the author and do not necessarily represent
> >> > > those of Oakford
> >> > Technology Limited.
> >> > > Registered address: Oakford Technology Limited, The Manor House,
> >> > > Potterne, Wiltshire. SN10 5PN.
> >> > > Registered in England and Wales No. 5971519
> >> > >
> >> > >
> >> > Disclaimer Notice:
> >> > This email has been sent by Oakford Technology Limited, while we
> >> > have checked this e-mail and any attachments for viruses, we can
> >> > not
> >> guarantee
> >> > that they are virus-free. You must therefore take full
> >> > responsibility
> >> for
> >> > virus checking.
> >> > This message and any attachments are confidential and should only
> >> > be
> >> read
> >> > by those to whom they are addressed. If you are not the intended
> >> recipient,
> >> > please contact us, delete the message from your computer and
> >> > destroy any copies. Any distribution or copying without our prior
> >> > permission is prohibited.
> >> > Internet communications are not always secure and therefore Oakford
> >> > Technology Limited does not accept legal responsibility for this
> >> message.
> >> > The recipient is responsible for verifying its authenticity before
> >> acting
> >> > on the contents. Any views or opinions presented are solely those
> >> > of the author and do not necessarily represent those of Oakford
> >> > Technology
> >> Limited.
> >> > Registered address: Oakford Technology Limited, The Manor House,
> >> Potterne,
> >> > Wiltshire. SN10 5PN.
> >> > Registered in England and Wales No. 5971519
> >> >
> >> >
> >>
> >
> >
> > --
> >
> > Andrija Panić
> >
>
>
> --
>
> Andrija Panić
> Disclaimer Notice:
> This email has been sent by Oakford Technology Limited, while we have
> checked this e-mail and any attachments for viruses, we can not guarantee
> that they are virus-free. You must therefore take full responsibility for
> virus checking.
> This message and any attachments are confidential and should only be read
> by those to whom they are addressed. If you are not the intended recipient,
> please contact us, delete the message from your computer and destroy any
> copies. Any distribution or copying without our prior permission is
> prohibited.
> Internet communications are not always secure and therefore Oakford
> Technology Limited does not accept legal responsibility for this message.
> The recipient is responsible for verifying its authenticity before acting
> on the contents. Any views or opinions presented are solely those of the
> author and do not necessarily represent those of Oakford Technology Limited.
> Registered address: Oakford Technology Limited, The Manor House, Potterne,
> Wiltshire. SN10 5PN.
> Registered in England and Wales No. 5971519
>
>

-- 

Andrija Panić

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message