that's not the best thing to happen, true - please send to dev@ list (and don't allow people looking at your screen :) )
On Fri, 13 Dec 2019 at 12:29, Adam Witwicki <awitwi...@oakfordis.com> wrote: > But its then displayed on the users screen - where anyone can see it? > > Thanks > > Adam > > -----Original Message----- > From: Andrija Panic <andrija.pa...@gmail.com> > Sent: 13 December 2019 11:21 > To: users <users@cloudstack.apache.org> > Subject: Re: Password in URL > > ** This mail originated from OUTSIDE the Oakford corporate network. Treat > hyperlinks and attachments in this email with caution. ** > > (and assuming you are using SSL/443 - that's not a problem in that sense) > > On Fri, 13 Dec 2019 at 12:20, Andrija Panic <andrija.pa...@gmail.com> > wrote: > > > Password IS sent in the clear text when you log in initially - you can > > check that via developer tools while doing a successful login. > > > > On Fri, 13 Dec 2019 at 11:15, Thomas Joseph <thomas.jo...@gmail.com> > > wrote: > > > >> It must be a design feature then, you can redirect it to the dev group. > >> > >> With regards > >> Thomas > >> > >> On Fri, 13 Dec 2019, 8:57 am Adam Witwicki, <awitwi...@oakfordis.com> > >> wrote: > >> > >> > Hi Thomas > >> > > >> > 443, the concern is its displayed in full view on the screen. > >> > > >> > Version 4.11 btw > >> > > >> > Thanks > >> > > >> > Adam > >> > > >> > -----Original Message----- > >> > From: Thomas Joseph <thomas.jo...@gmail.com> > >> > Sent: 13 December 2019 08:55 > >> > To: users@cloudstack.apache.org > >> > Subject: Re: Password in URL > >> > > >> > ** This mail originated from OUTSIDE the Oakford corporate network. > >> Treat > >> > hyperlinks and attachments in this email with caution. ** > >> > > >> > Hello Adam > >> > > >> > Are you using port 80 instead for 443 for the console login? > >> > > >> > With regards > >> > Thomas > >> > > >> > On Fri, 13 Dec 2019, 8:34 am Adam Witwicki, > >> > <awitwi...@oakfordis.com> > >> > wrote: > >> > > >> > > Sorry, its not a hash it is the password! > >> > > > >> > > -----Original Message----- > >> > > From: Adam Witwicki <awitwi...@oakfordis.com> > >> > > Sent: 13 December 2019 08:32 > >> > > To: users@cloudstack.apache.org > >> > > Subject: Password in URL > >> > > > >> > > ** This mail originated from OUTSIDE the Oakford corporate network. > >> > > Treat hyperlinks and attachments in this email with caution. ** > >> > > > >> > > Hello, > >> > > > >> > > When I have failed logon (cloudstack is unable to read from > >> > > database) the redirected url shows the password hash > >> > > > >> > > /client/?username=admin&password=MASKMASKMASKMASK&domain=&languag > >> > > e= > >> > > > >> > > Is this an issue? > >> > > > >> > > Thanks > >> > > > >> > > Adam > >> > > > >> > > > >> > > > >> > > Disclaimer Notice: > >> > > This email has been sent by Oakford Technology Limited, while we > >> > > have checked this e-mail and any attachments for viruses, we can > >> > > not guarantee that they are virus-free. You must therefore take > >> > > full responsibility for virus checking. > >> > > This message and any attachments are confidential and should only > >> > > be read by those to whom they are addressed. If you are not the > >> > > intended recipient, please contact us, delete the message from > >> > > your computer and destroy any copies. Any distribution or copying > >> > > without our prior permission is prohibited. > >> > > Internet communications are not always secure and therefore > >> > > Oakford Technology Limited does not accept legal responsibility > >> > > for this > >> message. > >> > > The recipient is responsible for verifying its authenticity > >> > > before acting on the contents. Any views or opinions presented > >> > > are solely those of the author and do not necessarily represent > >> > > those of Oakford > >> > Technology Limited. > >> > > Registered address: Oakford Technology Limited, The Manor House, > >> > > Potterne, Wiltshire. SN10 5PN. > >> > > Registered in England and Wales No. 5971519 > >> > > > >> > > Disclaimer Notice: > >> > > This email has been sent by Oakford Technology Limited, while we > >> > > have checked this e-mail and any attachments for viruses, we can > >> > > not guarantee that they are virus-free. You must therefore take > >> > > full responsibility for virus checking. > >> > > This message and any attachments are confidential and should only > >> > > be read by those to whom they are addressed. If you are not the > >> > > intended recipient, please contact us, delete the message from > >> > > your computer and destroy any copies. Any distribution or copying > >> > > without our prior permission is prohibited. > >> > > Internet communications are not always secure and therefore > >> > > Oakford Technology Limited does not accept legal responsibility > >> > > for this > >> message. > >> > > The recipient is responsible for verifying its authenticity > >> > > before acting on the contents. Any views or opinions presented > >> > > are solely those of the author and do not necessarily represent > >> > > those of Oakford > >> > Technology Limited. > >> > > Registered address: Oakford Technology Limited, The Manor House, > >> > > Potterne, Wiltshire. SN10 5PN. > >> > > Registered in England and Wales No. 5971519 > >> > > > >> > > > >> > Disclaimer Notice: > >> > This email has been sent by Oakford Technology Limited, while we > >> > have checked this e-mail and any attachments for viruses, we can > >> > not > >> guarantee > >> > that they are virus-free. You must therefore take full > >> > responsibility > >> for > >> > virus checking. > >> > This message and any attachments are confidential and should only > >> > be > >> read > >> > by those to whom they are addressed. If you are not the intended > >> recipient, > >> > please contact us, delete the message from your computer and > >> > destroy any copies. Any distribution or copying without our prior > >> > permission is prohibited. > >> > Internet communications are not always secure and therefore Oakford > >> > Technology Limited does not accept legal responsibility for this > >> message. > >> > The recipient is responsible for verifying its authenticity before > >> acting > >> > on the contents. Any views or opinions presented are solely those > >> > of the author and do not necessarily represent those of Oakford > >> > Technology > >> Limited. > >> > Registered address: Oakford Technology Limited, The Manor House, > >> Potterne, > >> > Wiltshire. SN10 5PN. > >> > Registered in England and Wales No. 5971519 > >> > > >> > > >> > > > > > > -- > > > > Andrija Panić > > > > > -- > > Andrija Panić > Disclaimer Notice: > This email has been sent by Oakford Technology Limited, while we have > checked this e-mail and any attachments for viruses, we can not guarantee > that they are virus-free. You must therefore take full responsibility for > virus checking. > This message and any attachments are confidential and should only be read > by those to whom they are addressed. If you are not the intended recipient, > please contact us, delete the message from your computer and destroy any > copies. Any distribution or copying without our prior permission is > prohibited. > Internet communications are not always secure and therefore Oakford > Technology Limited does not accept legal responsibility for this message. > The recipient is responsible for verifying its authenticity before acting > on the contents. Any views or opinions presented are solely those of the > author and do not necessarily represent those of Oakford Technology Limited. > Registered address: Oakford Technology Limited, The Manor House, Potterne, > Wiltshire. SN10 5PN. > Registered in England and Wales No. 5971519 > > -- Andrija Panić
