Re: Passwords in URLs

2011-10-03 Thread Kali Obsum
To: arslist@ARSLIST.ORG Subject: Passwords in URLs Hi, I'm pretty sure there's no resolution to this, but I wanted to ask the list anyway. A user (using the user tool) recently noticed that his password is displayed in clear text on an error message (see the red box on the attached screenshot

Re: Passwords in URLs

2011-09-27 Thread Axton
Methinks the solution is to deprecate the User Tool. If accessing DV plugins from a midtier session, the current session information is used to load the DV plugin and populate the DVF. How does one initiate an SSO session from a native tool if an SSO session is not established in the context

Passwords in URLs

2011-09-24 Thread John Baker
David Encrypting the password is a useful step, but not a very useful step as essentially the password is still there and could be decrypted, and if one has a copy of the Mid Tier jar files, it's probably achievable in about 2 minutes. This would almost certainly fail a security audit. The

Passwords in URLs

2011-09-23 Thread Thad Esser
Hi, I'm pretty sure there's no resolution to this, but I wanted to ask the list anyway. A user (using the user tool) recently noticed that his password is displayed in clear text on an error message (see the red box on the attached screenshot). He happened to be building a PDT for SRM at the

Re: Passwords in URLs

2011-09-23 Thread Rick Cook
I thought they fixed that? Could you hide the error in the message catalog as a workaround? Rick On Sep 23, 2011 4:59 PM, Thad Esser thad.es...@gmail.com wrote: Hi, I'm pretty sure there's no resolution to this, but I wanted to ask the list anyway. A user (using the user tool) recently

Re: Passwords in URLs

2011-09-23 Thread David Durling
, September 23, 2011 4:59 PM To: arslist@ARSLIST.ORG Subject: Passwords in URLs Hi, I'm pretty sure there's no resolution to this, but I wanted to ask the list anyway. A user (using the user tool) recently noticed that his password is displayed in clear text on an error message (see the red box

Re: Passwords in URLs

2011-09-23 Thread Thad Esser
) [mailto: arslist@ARSLIST.ORG] On Behalf Of Thad Esser Sent: Friday, September 23, 2011 4:59 PM To: arslist@ARSLIST.ORG Subject: Passwords in URLs Hi, I'm pretty sure there's no resolution to this, but I wanted to ask the list anyway. A user (using

Re: Passwords in URLs

2011-09-23 Thread Axton
notes. David Durling University of Georgia From: Action Request System discussion list(ARSList) [mailto: arslist@ARSLIST.ORG] On Behalf Of Thad Esser Sent: Friday, September 23, 2011 4:59 PM To: arslist@ARSLIST.ORG Subject: Passwords in URLs