(and assuming you are using SSL/443 - that's not a problem in that sense) On Fri, 13 Dec 2019 at 12:20, Andrija Panic <andrija.pa...@gmail.com> wrote:
> Password IS sent in the clear text when you log in initially - you can > check that via developer tools while doing a successful login. > > On Fri, 13 Dec 2019 at 11:15, Thomas Joseph <thomas.jo...@gmail.com> > wrote: > >> It must be a design feature then, you can redirect it to the dev group. >> >> With regards >> Thomas >> >> On Fri, 13 Dec 2019, 8:57 am Adam Witwicki, <awitwi...@oakfordis.com> >> wrote: >> >> > Hi Thomas >> > >> > 443, the concern is its displayed in full view on the screen. >> > >> > Version 4.11 btw >> > >> > Thanks >> > >> > Adam >> > >> > -----Original Message----- >> > From: Thomas Joseph <thomas.jo...@gmail.com> >> > Sent: 13 December 2019 08:55 >> > To: users@cloudstack.apache.org >> > Subject: Re: Password in URL >> > >> > ** This mail originated from OUTSIDE the Oakford corporate network. >> Treat >> > hyperlinks and attachments in this email with caution. ** >> > >> > Hello Adam >> > >> > Are you using port 80 instead for 443 for the console login? >> > >> > With regards >> > Thomas >> > >> > On Fri, 13 Dec 2019, 8:34 am Adam Witwicki, <awitwi...@oakfordis.com> >> > wrote: >> > >> > > Sorry, its not a hash it is the password! >> > > >> > > -----Original Message----- >> > > From: Adam Witwicki <awitwi...@oakfordis.com> >> > > Sent: 13 December 2019 08:32 >> > > To: users@cloudstack.apache.org >> > > Subject: Password in URL >> > > >> > > ** This mail originated from OUTSIDE the Oakford corporate network. >> > > Treat hyperlinks and attachments in this email with caution. ** >> > > >> > > Hello, >> > > >> > > When I have failed logon (cloudstack is unable to read from database) >> > > the redirected url shows the password hash >> > > >> > > /client/?username=admin&password=MASKMASKMASKMASK&domain=&language= >> > > >> > > Is this an issue? >> > > >> > > Thanks >> > > >> > > Adam >> > > >> > > >> > > >> > > Disclaimer Notice: >> > > This email has been sent by Oakford Technology Limited, while we have >> > > checked this e-mail and any attachments for viruses, we can not >> > > guarantee that they are virus-free. You must therefore take full >> > > responsibility for virus checking. >> > > This message and any attachments are confidential and should only be >> > > read by those to whom they are addressed. If you are not the intended >> > > recipient, please contact us, delete the message from your computer >> > > and destroy any copies. Any distribution or copying without our prior >> > > permission is prohibited. >> > > Internet communications are not always secure and therefore Oakford >> > > Technology Limited does not accept legal responsibility for this >> message. >> > > The recipient is responsible for verifying its authenticity before >> > > acting on the contents. Any views or opinions presented are solely >> > > those of the author and do not necessarily represent those of Oakford >> > Technology Limited. >> > > Registered address: Oakford Technology Limited, The Manor House, >> > > Potterne, Wiltshire. SN10 5PN. >> > > Registered in England and Wales No. 5971519 >> > > >> > > Disclaimer Notice: >> > > This email has been sent by Oakford Technology Limited, while we have >> > > checked this e-mail and any attachments for viruses, we can not >> > > guarantee that they are virus-free. You must therefore take full >> > > responsibility for virus checking. >> > > This message and any attachments are confidential and should only be >> > > read by those to whom they are addressed. If you are not the intended >> > > recipient, please contact us, delete the message from your computer >> > > and destroy any copies. Any distribution or copying without our prior >> > > permission is prohibited. >> > > Internet communications are not always secure and therefore Oakford >> > > Technology Limited does not accept legal responsibility for this >> message. >> > > The recipient is responsible for verifying its authenticity before >> > > acting on the contents. Any views or opinions presented are solely >> > > those of the author and do not necessarily represent those of Oakford >> > Technology Limited. >> > > Registered address: Oakford Technology Limited, The Manor House, >> > > Potterne, Wiltshire. SN10 5PN. >> > > Registered in England and Wales No. 5971519 >> > > >> > > >> > Disclaimer Notice: >> > This email has been sent by Oakford Technology Limited, while we have >> > checked this e-mail and any attachments for viruses, we can not >> guarantee >> > that they are virus-free. You must therefore take full responsibility >> for >> > virus checking. >> > This message and any attachments are confidential and should only be >> read >> > by those to whom they are addressed. If you are not the intended >> recipient, >> > please contact us, delete the message from your computer and destroy any >> > copies. Any distribution or copying without our prior permission is >> > prohibited. >> > Internet communications are not always secure and therefore Oakford >> > Technology Limited does not accept legal responsibility for this >> message. >> > The recipient is responsible for verifying its authenticity before >> acting >> > on the contents. Any views or opinions presented are solely those of the >> > author and do not necessarily represent those of Oakford Technology >> Limited. >> > Registered address: Oakford Technology Limited, The Manor House, >> Potterne, >> > Wiltshire. SN10 5PN. >> > Registered in England and Wales No. 5971519 >> > >> > >> > > > -- > > Andrija Panić > -- Andrija Panić
