To: arslist@ARSLIST.ORG
Subject: Passwords in URLs
**
Hi,
I'm pretty sure there's no resolution to this, but I wanted to ask the
list anyway. A user (using the user tool) recently noticed that his
password is displayed in clear text on an error message (see the red box
on the attached screenshot
Me thinks the solutions is to deprecate the User Tool. If accessing DV
plugins from a midtier session, the current session information is used to
load the DV plugin and populate the DVF. How does one initiate an SSO
session from a native tool if an SSO session is not established in the
context
David
Encrypting the password is a useful step, but not a very useful step as
essentially the password is still there and could be decrypted, and if one has
a copy of the Mid Tier jar files, it's probably achievable in about 2 minutes.
This would almost certainly fail a security audit.
The
Hi,
I'm pretty sure there's no resolution to this, but I wanted to ask the list
anyway. A user (using the user tool) recently noticed that his password is
displayed in clear text on an error message (see the red box on the attached
screenshot). He happened to be building a PDT for SRM at the
I thought they fixed that? Could you hide the error in the message catalog
as a workaround?
Rick
On Sep 23, 2011 4:59 PM, Thad Esser thad.es...@gmail.com wrote:
Hi,
I'm pretty sure there's no resolution to this, but I wanted to ask the
list
anyway. A user (using the user tool) recently
, September 23, 2011 4:59 PM
To: arslist@ARSLIST.ORG
Subject: Passwords in URLs
**
Hi,
I'm pretty sure there's no resolution to this, but I wanted to ask the list
anyway. A user (using the user tool) recently noticed that his password is
displayed in clear text on an error message (see the red box
) [mailto:
arslist@ARSLIST.ORG] *On Behalf Of *Thad Esser
*Sent:* Friday, September 23, 2011 4:59 PM
*To:* arslist@ARSLIST.ORG
*Subject:* Passwords in URLs
** **
**
Hi,
I'm pretty sure there's no resolution to this, but I wanted to ask the list
anyway. A user (using
notes.
** **
David Durling
University of Georgia
** **
*From:* Action Request System discussion list(ARSList) [mailto:
arslist@ARSLIST.ORG] *On Behalf Of *Thad Esser
*Sent:* Friday, September 23, 2011 4:59 PM
*To:* arslist@ARSLIST.ORG
*Subject:* Passwords in URLs
8 matches
Mail list logo