cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Witwicki <awitwi...@oakfordis.com>
Subject RE: Password in URL
Date Fri, 13 Dec 2019 11:29:38 GMT
But its then displayed on the users screen - where anyone can see it?

Thanks

Adam

-----Original Message-----
From: Andrija Panic <andrija.panic@gmail.com>
Sent: 13 December 2019 11:21
To: users <users@cloudstack.apache.org>
Subject: Re: Password in URL

** This mail originated from OUTSIDE the Oakford corporate network. Treat hyperlinks and attachments
in this email with caution. **

(and assuming you are using SSL/443 - that's not a problem in that sense)

On Fri, 13 Dec 2019 at 12:20, Andrija Panic <andrija.panic@gmail.com> wrote:

> Password IS sent in the clear text when you log in initially - you can
> check that via developer tools while doing a successful login.
>
> On Fri, 13 Dec 2019 at 11:15, Thomas Joseph <thomas.job07@gmail.com>
> wrote:
>
>> It must be a design feature then, you can redirect it to the dev group.
>>
>> With regards
>> Thomas
>>
>> On Fri, 13 Dec 2019, 8:57 am Adam Witwicki, <awitwicki@oakfordis.com>
>> wrote:
>>
>> > Hi Thomas
>> >
>> > 443, the concern is its displayed in full view on the screen.
>> >
>> > Version 4.11 btw
>> >
>> > Thanks
>> >
>> > Adam
>> >
>> > -----Original Message-----
>> > From: Thomas Joseph <thomas.job07@gmail.com>
>> > Sent: 13 December 2019 08:55
>> > To: users@cloudstack.apache.org
>> > Subject: Re: Password in URL
>> >
>> > ** This mail originated from OUTSIDE the Oakford corporate network.
>> Treat
>> > hyperlinks and attachments in this email with caution. **
>> >
>> > Hello Adam
>> >
>> > Are you using port 80 instead for 443 for the console login?
>> >
>> > With regards
>> > Thomas
>> >
>> > On Fri, 13 Dec 2019, 8:34 am Adam Witwicki,
>> > <awitwicki@oakfordis.com>
>> > wrote:
>> >
>> > > Sorry, its not a hash it is the password!
>> > >
>> > > -----Original Message-----
>> > > From: Adam Witwicki <awitwicki@oakfordis.com>
>> > > Sent: 13 December 2019 08:32
>> > > To: users@cloudstack.apache.org
>> > > Subject: Password in URL
>> > >
>> > > ** This mail originated from OUTSIDE the Oakford corporate network.
>> > > Treat hyperlinks and attachments in this email with caution. **
>> > >
>> > > Hello,
>> > >
>> > > When I have failed logon (cloudstack is unable to read from
>> > > database) the redirected url shows the password hash
>> > >
>> > > /client/?username=admin&password=MASKMASKMASKMASK&domain=&languag
>> > > e=
>> > >
>> > > Is this an issue?
>> > >
>> > > Thanks
>> > >
>> > > Adam
>> > >
>> > >
>> > >
>> > > Disclaimer Notice:
>> > > This email has been sent by Oakford Technology Limited, while we
>> > > have checked this e-mail and any attachments for viruses, we can
>> > > not guarantee that they are virus-free. You must therefore take
>> > > full responsibility for virus checking.
>> > > This message and any attachments are confidential and should only
>> > > be read by those to whom they are addressed. If you are not the
>> > > intended recipient, please contact us, delete the message from
>> > > your computer and destroy any copies. Any distribution or copying
>> > > without our prior permission is prohibited.
>> > > Internet communications are not always secure and therefore
>> > > Oakford Technology Limited does not accept legal responsibility
>> > > for this
>> message.
>> > > The recipient is responsible for verifying its authenticity
>> > > before acting on the contents. Any views or opinions presented
>> > > are solely those of the author and do not necessarily represent
>> > > those of Oakford
>> > Technology Limited.
>> > > Registered address: Oakford Technology Limited, The Manor House,
>> > > Potterne, Wiltshire. SN10 5PN.
>> > > Registered in England and Wales No. 5971519
>> > >
>> > > Disclaimer Notice:
>> > > This email has been sent by Oakford Technology Limited, while we
>> > > have checked this e-mail and any attachments for viruses, we can
>> > > not guarantee that they are virus-free. You must therefore take
>> > > full responsibility for virus checking.
>> > > This message and any attachments are confidential and should only
>> > > be read by those to whom they are addressed. If you are not the
>> > > intended recipient, please contact us, delete the message from
>> > > your computer and destroy any copies. Any distribution or copying
>> > > without our prior permission is prohibited.
>> > > Internet communications are not always secure and therefore
>> > > Oakford Technology Limited does not accept legal responsibility
>> > > for this
>> message.
>> > > The recipient is responsible for verifying its authenticity
>> > > before acting on the contents. Any views or opinions presented
>> > > are solely those of the author and do not necessarily represent
>> > > those of Oakford
>> > Technology Limited.
>> > > Registered address: Oakford Technology Limited, The Manor House,
>> > > Potterne, Wiltshire. SN10 5PN.
>> > > Registered in England and Wales No. 5971519
>> > >
>> > >
>> > Disclaimer Notice:
>> > This email has been sent by Oakford Technology Limited, while we
>> > have checked this e-mail and any attachments for viruses, we can
>> > not
>> guarantee
>> > that they are virus-free. You must therefore take full
>> > responsibility
>> for
>> > virus checking.
>> > This message and any attachments are confidential and should only
>> > be
>> read
>> > by those to whom they are addressed. If you are not the intended
>> recipient,
>> > please contact us, delete the message from your computer and
>> > destroy any copies. Any distribution or copying without our prior
>> > permission is prohibited.
>> > Internet communications are not always secure and therefore Oakford
>> > Technology Limited does not accept legal responsibility for this
>> message.
>> > The recipient is responsible for verifying its authenticity before
>> acting
>> > on the contents. Any views or opinions presented are solely those
>> > of the author and do not necessarily represent those of Oakford
>> > Technology
>> Limited.
>> > Registered address: Oakford Technology Limited, The Manor House,
>> Potterne,
>> > Wiltshire. SN10 5PN.
>> > Registered in England and Wales No. 5971519
>> >
>> >
>>
>
>
> --
>
> Andrija Panić
>


--

Andrija Panić
Disclaimer Notice:
This email has been sent by Oakford Technology Limited, while we have checked this e-mail
and any attachments for viruses, we can not guarantee that they are virus-free. You must therefore
take full responsibility for virus checking.
This message and any attachments are confidential and should only be read by those to whom
they are addressed. If you are not the intended recipient, please contact us, delete the message
from your computer and destroy any copies. Any distribution or copying without our prior permission
is prohibited.
Internet communications are not always secure and therefore Oakford Technology Limited does
not accept legal responsibility for this message. The recipient is responsible for verifying
its authenticity before acting on the contents. Any views or opinions presented are solely
those of the author and do not necessarily represent those of Oakford Technology Limited.
Registered address: Oakford Technology Limited, The Manor House, Potterne, Wiltshire. SN10
5PN.
Registered in England and Wales No. 5971519

Mime
View raw message