Posted to dev@kylin.apache.org by "Lola Liu (JIRA)" <ji...@apache.org> on 2016/02/17 09:49:18 UTC
[jira] [Created] (KYLIN-1425) [Fortify] Insecure password submission in login page
Lola Liu created KYLIN-1425:
-------------------------------
Summary: [Fortify] Insecure password submission in login page
Key: KYLIN-1425
URL: https://issues.apache.org/jira/browse/KYLIN-1425
Project: Kylin
Issue Type: Bug
Affects Versions: v1.0, v2.0
Reporter: Lola Liu
Assignee: Zhong,Jason
login.html submits a password as part of an HTTP GET request on line 41, which will cause the password to be displayed, logged, and stored in the browser cache.
In the console we can see that when a user logs in, there are 2 authentication requests: 1 is POST and the other is GET. (Please refer to the attached image.)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
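
Added example (not part of the original report and not Kylin's code): a Node.js check that scans a HAR-style list of captured requests, like the browser console capture the report refers to, for password-like parameters carried in the URL, and redacts them in its own output. It assumes the password travels in the query string; the parameter watch list, host and paths are constructed for illustration.

```javascript
// Assumed watch list of credential-like parameter names (not taken from Kylin).
const SENSITIVE_PARAMS = /^(pass(word|wd)?|pwd|secret|token)$/i;

// entries: array of { request: { method, url } }, the shape used by HAR exports.
function findCredentialsInUrls(entries) {
  const findings = [];
  for (const { request } of entries) {
    let url;
    try {
      url = new URL(request.url);
    } catch {
      continue; // skip malformed URLs rather than abort the audit
    }
    const leaked = [...new Set(url.searchParams.keys())].filter((k) =>
      SENSITIVE_PARAMS.test(k)
    );
    if (leaked.length === 0) continue;
    // Redact values so the audit report does not itself store the password.
    for (const k of leaked) url.searchParams.set(k, "REDACTED");
    findings.push({ method: request.method, params: leaked, url: url.toString() });
  }
  return findings;
}

// Constructed sample capture: one POST login and one GET login, as in the
// report, plus an unrelated request. Host and paths are hypothetical.
const sampleEntries = [
  { request: { method: "POST", url: "https://kylin.example.test/api/login" } },
  {
    request: {
      method: "GET",
      url: "https://kylin.example.test/api/login?username=ADMIN&password=s3cret",
    },
  },
  { request: { method: "GET", url: "https://kylin.example.test/api/cubes?limit=15" } },
];

console.log(findCredentialsInUrls(sampleEntries));
```

The same function can be pointed at `log.entries` from a HAR file exported from the browser's network panel.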