You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Adam Witwicki <aw...@oakfordis.com> on 2019/12/13 08:31:46 UTC
Password in URL
Hello,
When I have failed logon (cloudstack is unable to read from database) the redirected url shows the password hash
/client/?username=admin&password=MASKMASKMASKMASK&domain=&language=
Is this an issue?
Thanks
Adam
Disclaimer Notice:
This email has been sent by Oakford Technology Limited, while we have checked this e-mail and any attachments for viruses, we can not guarantee that they are virus-free. You must therefore take full responsibility for virus checking.
This message and any attachments are confidential and should only be read by those to whom they are addressed. If you are not the intended recipient, please contact us, delete the message from your computer and destroy any copies. Any distribution or copying without our prior permission is prohibited.
Internet communications are not always secure and therefore Oakford Technology Limited does not accept legal responsibility for this message. The recipient is responsible for verifying its authenticity before acting on the contents. Any views or opinions presented are solely those of the author and do not necessarily represent those of Oakford Technology Limited.
Registered address: Oakford Technology Limited, The Manor House, Potterne, Wiltshire. SN10 5PN.
Registered in England and Wales No. 5971519
Re: Password in URL
Posted by Andrija Panic <an...@gmail.com>.
that's not the best thing to happen, true - please send to dev@ list
(and don't allow people looking at your screen :) )
On Fri, 13 Dec 2019 at 12:29, Adam Witwicki <aw...@oakfordis.com> wrote:
> But its then displayed on the users screen - where anyone can see it?
>
> Thanks
>
> Adam
>
> -----Original Message-----
> From: Andrija Panic <an...@gmail.com>
> Sent: 13 December 2019 11:21
> To: users <us...@cloudstack.apache.org>
> Subject: Re: Password in URL
>
> ** This mail originated from OUTSIDE the Oakford corporate network. Treat
> hyperlinks and attachments in this email with caution. **
>
> (and assuming you are using SSL/443 - that's not a problem in that sense)
>
> On Fri, 13 Dec 2019 at 12:20, Andrija Panic <an...@gmail.com>
> wrote:
>
> > Password IS sent in the clear text when you log in initially - you can
> > check that via developer tools while doing a successful login.
> >
> > On Fri, 13 Dec 2019 at 11:15, Thomas Joseph <th...@gmail.com>
> > wrote:
> >
> >> It must be a design feature then, you can redirect it to the dev group.
> >>
> >> With regards
> >> Thomas
> >>
> >> On Fri, 13 Dec 2019, 8:57 am Adam Witwicki, <aw...@oakfordis.com>
> >> wrote:
> >>
> >> > Hi Thomas
> >> >
> >> > 443, the concern is its displayed in full view on the screen.
> >> >
> >> > Version 4.11 btw
> >> >
> >> > Thanks
> >> >
> >> > Adam
> >> >
> >> > -----Original Message-----
> >> > From: Thomas Joseph <th...@gmail.com>
> >> > Sent: 13 December 2019 08:55
> >> > To: users@cloudstack.apache.org
> >> > Subject: Re: Password in URL
> >> >
> >> > ** This mail originated from OUTSIDE the Oakford corporate network.
> >> Treat
> >> > hyperlinks and attachments in this email with caution. **
> >> >
> >> > Hello Adam
> >> >
> >> > Are you using port 80 instead for 443 for the console login?
> >> >
> >> > With regards
> >> > Thomas
> >> >
> >> > On Fri, 13 Dec 2019, 8:34 am Adam Witwicki,
> >> > <aw...@oakfordis.com>
> >> > wrote:
> >> >
> >> > > Sorry, its not a hash it is the password!
> >> > >
> >> > > -----Original Message-----
> >> > > From: Adam Witwicki <aw...@oakfordis.com>
> >> > > Sent: 13 December 2019 08:32
> >> > > To: users@cloudstack.apache.org
> >> > > Subject: Password in URL
> >> > >
> >> > > ** This mail originated from OUTSIDE the Oakford corporate network.
> >> > > Treat hyperlinks and attachments in this email with caution. **
> >> > >
> >> > > Hello,
> >> > >
> >> > > When I have failed logon (cloudstack is unable to read from
> >> > > database) the redirected url shows the password hash
> >> > >
> >> > > /client/?username=admin&password=MASKMASKMASKMASK&domain=&languag
> >> > > e=
> >> > >
> >> > > Is this an issue?
> >> > >
> >> > > Thanks
> >> > >
> >> > > Adam
> >> > >
> >> > >
> >> > >
> >> > > Disclaimer Notice:
> >> > > This email has been sent by Oakford Technology Limited, while we
> >> > > have checked this e-mail and any attachments for viruses, we can
> >> > > not guarantee that they are virus-free. You must therefore take
> >> > > full responsibility for virus checking.
> >> > > This message and any attachments are confidential and should only
> >> > > be read by those to whom they are addressed. If you are not the
> >> > > intended recipient, please contact us, delete the message from
> >> > > your computer and destroy any copies. Any distribution or copying
> >> > > without our prior permission is prohibited.
> >> > > Internet communications are not always secure and therefore
> >> > > Oakford Technology Limited does not accept legal responsibility
> >> > > for this
> >> message.
> >> > > The recipient is responsible for verifying its authenticity
> >> > > before acting on the contents. Any views or opinions presented
> >> > > are solely those of the author and do not necessarily represent
> >> > > those of Oakford
> >> > Technology Limited.
> >> > > Registered address: Oakford Technology Limited, The Manor House,
> >> > > Potterne, Wiltshire. SN10 5PN.
> >> > > Registered in England and Wales No. 5971519
> >> > >
> >> > > Disclaimer Notice:
> >> > > This email has been sent by Oakford Technology Limited, while we
> >> > > have checked this e-mail and any attachments for viruses, we can
> >> > > not guarantee that they are virus-free. You must therefore take
> >> > > full responsibility for virus checking.
> >> > > This message and any attachments are confidential and should only
> >> > > be read by those to whom they are addressed. If you are not the
> >> > > intended recipient, please contact us, delete the message from
> >> > > your computer and destroy any copies. Any distribution or copying
> >> > > without our prior permission is prohibited.
> >> > > Internet communications are not always secure and therefore
> >> > > Oakford Technology Limited does not accept legal responsibility
> >> > > for this
> >> message.
> >> > > The recipient is responsible for verifying its authenticity
> >> > > before acting on the contents. Any views or opinions presented
> >> > > are solely those of the author and do not necessarily represent
> >> > > those of Oakford
> >> > Technology Limited.
> >> > > Registered address: Oakford Technology Limited, The Manor House,
> >> > > Potterne, Wiltshire. SN10 5PN.
> >> > > Registered in England and Wales No. 5971519
> >> > >
> >> > >
> >> > Disclaimer Notice:
> >> > This email has been sent by Oakford Technology Limited, while we
> >> > have checked this e-mail and any attachments for viruses, we can
> >> > not
> >> guarantee
> >> > that they are virus-free. You must therefore take full
> >> > responsibility
> >> for
> >> > virus checking.
> >> > This message and any attachments are confidential and should only
> >> > be
> >> read
> >> > by those to whom they are addressed. If you are not the intended
> >> recipient,
> >> > please contact us, delete the message from your computer and
> >> > destroy any copies. Any distribution or copying without our prior
> >> > permission is prohibited.
> >> > Internet communications are not always secure and therefore Oakford
> >> > Technology Limited does not accept legal responsibility for this
> >> message.
> >> > The recipient is responsible for verifying its authenticity before
> >> acting
> >> > on the contents. Any views or opinions presented are solely those
> >> > of the author and do not necessarily represent those of Oakford
> >> > Technology
> >> Limited.
> >> > Registered address: Oakford Technology Limited, The Manor House,
> >> Potterne,
> >> > Wiltshire. SN10 5PN.
> >> > Registered in England and Wales No. 5971519
> >> >
> >> >
> >>
> >
> >
> > --
> >
> > Andrija Panić
> >
>
>
> --
>
> Andrija Panić
> Disclaimer Notice:
> This email has been sent by Oakford Technology Limited, while we have
> checked this e-mail and any attachments for viruses, we can not guarantee
> that they are virus-free. You must therefore take full responsibility for
> virus checking.
> This message and any attachments are confidential and should only be read
> by those to whom they are addressed. If you are not the intended recipient,
> please contact us, delete the message from your computer and destroy any
> copies. Any distribution or copying without our prior permission is
> prohibited.
> Internet communications are not always secure and therefore Oakford
> Technology Limited does not accept legal responsibility for this message.
> The recipient is responsible for verifying its authenticity before acting
> on the contents. Any views or opinions presented are solely those of the
> author and do not necessarily represent those of Oakford Technology Limited.
> Registered address: Oakford Technology Limited, The Manor House, Potterne,
> Wiltshire. SN10 5PN.
> Registered in England and Wales No. 5971519
>
>
--
Andrija Panić
RE: Password in URL
Posted by Adam Witwicki <aw...@oakfordis.com>.
But its then displayed on the users screen - where anyone can see it?
Thanks
Adam
-----Original Message-----
From: Andrija Panic <an...@gmail.com>
Sent: 13 December 2019 11:21
To: users <us...@cloudstack.apache.org>
Subject: Re: Password in URL
** This mail originated from OUTSIDE the Oakford corporate network. Treat hyperlinks and attachments in this email with caution. **
(and assuming you are using SSL/443 - that's not a problem in that sense)
On Fri, 13 Dec 2019 at 12:20, Andrija Panic <an...@gmail.com> wrote:
> Password IS sent in the clear text when you log in initially - you can
> check that via developer tools while doing a successful login.
>
> On Fri, 13 Dec 2019 at 11:15, Thomas Joseph <th...@gmail.com>
> wrote:
>
>> It must be a design feature then, you can redirect it to the dev group.
>>
>> With regards
>> Thomas
>>
>> On Fri, 13 Dec 2019, 8:57 am Adam Witwicki, <aw...@oakfordis.com>
>> wrote:
>>
>> > Hi Thomas
>> >
>> > 443, the concern is its displayed in full view on the screen.
>> >
>> > Version 4.11 btw
>> >
>> > Thanks
>> >
>> > Adam
>> >
>> > -----Original Message-----
>> > From: Thomas Joseph <th...@gmail.com>
>> > Sent: 13 December 2019 08:55
>> > To: users@cloudstack.apache.org
>> > Subject: Re: Password in URL
>> >
>> > ** This mail originated from OUTSIDE the Oakford corporate network.
>> Treat
>> > hyperlinks and attachments in this email with caution. **
>> >
>> > Hello Adam
>> >
>> > Are you using port 80 instead for 443 for the console login?
>> >
>> > With regards
>> > Thomas
>> >
>> > On Fri, 13 Dec 2019, 8:34 am Adam Witwicki,
>> > <aw...@oakfordis.com>
>> > wrote:
>> >
>> > > Sorry, its not a hash it is the password!
>> > >
>> > > -----Original Message-----
>> > > From: Adam Witwicki <aw...@oakfordis.com>
>> > > Sent: 13 December 2019 08:32
>> > > To: users@cloudstack.apache.org
>> > > Subject: Password in URL
>> > >
>> > > ** This mail originated from OUTSIDE the Oakford corporate network.
>> > > Treat hyperlinks and attachments in this email with caution. **
>> > >
>> > > Hello,
>> > >
>> > > When I have failed logon (cloudstack is unable to read from
>> > > database) the redirected url shows the password hash
>> > >
>> > > /client/?username=admin&password=MASKMASKMASKMASK&domain=&languag
>> > > e=
>> > >
>> > > Is this an issue?
>> > >
>> > > Thanks
>> > >
>> > > Adam
>> > >
>> > >
>> > >
>> > > Disclaimer Notice:
>> > > This email has been sent by Oakford Technology Limited, while we
>> > > have checked this e-mail and any attachments for viruses, we can
>> > > not guarantee that they are virus-free. You must therefore take
>> > > full responsibility for virus checking.
>> > > This message and any attachments are confidential and should only
>> > > be read by those to whom they are addressed. If you are not the
>> > > intended recipient, please contact us, delete the message from
>> > > your computer and destroy any copies. Any distribution or copying
>> > > without our prior permission is prohibited.
>> > > Internet communications are not always secure and therefore
>> > > Oakford Technology Limited does not accept legal responsibility
>> > > for this
>> message.
>> > > The recipient is responsible for verifying its authenticity
>> > > before acting on the contents. Any views or opinions presented
>> > > are solely those of the author and do not necessarily represent
>> > > those of Oakford
>> > Technology Limited.
>> > > Registered address: Oakford Technology Limited, The Manor House,
>> > > Potterne, Wiltshire. SN10 5PN.
>> > > Registered in England and Wales No. 5971519
>> > >
>> > > Disclaimer Notice:
>> > > This email has been sent by Oakford Technology Limited, while we
>> > > have checked this e-mail and any attachments for viruses, we can
>> > > not guarantee that they are virus-free. You must therefore take
>> > > full responsibility for virus checking.
>> > > This message and any attachments are confidential and should only
>> > > be read by those to whom they are addressed. If you are not the
>> > > intended recipient, please contact us, delete the message from
>> > > your computer and destroy any copies. Any distribution or copying
>> > > without our prior permission is prohibited.
>> > > Internet communications are not always secure and therefore
>> > > Oakford Technology Limited does not accept legal responsibility
>> > > for this
>> message.
>> > > The recipient is responsible for verifying its authenticity
>> > > before acting on the contents. Any views or opinions presented
>> > > are solely those of the author and do not necessarily represent
>> > > those of Oakford
>> > Technology Limited.
>> > > Registered address: Oakford Technology Limited, The Manor House,
>> > > Potterne, Wiltshire. SN10 5PN.
>> > > Registered in England and Wales No. 5971519
>> > >
>> > >
>> > Disclaimer Notice:
>> > This email has been sent by Oakford Technology Limited, while we
>> > have checked this e-mail and any attachments for viruses, we can
>> > not
>> guarantee
>> > that they are virus-free. You must therefore take full
>> > responsibility
>> for
>> > virus checking.
>> > This message and any attachments are confidential and should only
>> > be
>> read
>> > by those to whom they are addressed. If you are not the intended
>> recipient,
>> > please contact us, delete the message from your computer and
>> > destroy any copies. Any distribution or copying without our prior
>> > permission is prohibited.
>> > Internet communications are not always secure and therefore Oakford
>> > Technology Limited does not accept legal responsibility for this
>> message.
>> > The recipient is responsible for verifying its authenticity before
>> acting
>> > on the contents. Any views or opinions presented are solely those
>> > of the author and do not necessarily represent those of Oakford
>> > Technology
>> Limited.
>> > Registered address: Oakford Technology Limited, The Manor House,
>> Potterne,
>> > Wiltshire. SN10 5PN.
>> > Registered in England and Wales No. 5971519
>> >
>> >
>>
>
>
> --
>
> Andrija Panić
>
--
Andrija Panić
Disclaimer Notice:
This email has been sent by Oakford Technology Limited, while we have checked this e-mail and any attachments for viruses, we can not guarantee that they are virus-free. You must therefore take full responsibility for virus checking.
This message and any attachments are confidential and should only be read by those to whom they are addressed. If you are not the intended recipient, please contact us, delete the message from your computer and destroy any copies. Any distribution or copying without our prior permission is prohibited.
Internet communications are not always secure and therefore Oakford Technology Limited does not accept legal responsibility for this message. The recipient is responsible for verifying its authenticity before acting on the contents. Any views or opinions presented are solely those of the author and do not necessarily represent those of Oakford Technology Limited.
Registered address: Oakford Technology Limited, The Manor House, Potterne, Wiltshire. SN10 5PN.
Registered in England and Wales No. 5971519
Re: Password in URL
Posted by Andrija Panic <an...@gmail.com>.
(and assuming you are using SSL/443 - that's not a problem in that sense)
On Fri, 13 Dec 2019 at 12:20, Andrija Panic <an...@gmail.com> wrote:
> Password IS sent in the clear text when you log in initially - you can
> check that via developer tools while doing a successful login.
>
> On Fri, 13 Dec 2019 at 11:15, Thomas Joseph <th...@gmail.com>
> wrote:
>
>> It must be a design feature then, you can redirect it to the dev group.
>>
>> With regards
>> Thomas
>>
>> On Fri, 13 Dec 2019, 8:57 am Adam Witwicki, <aw...@oakfordis.com>
>> wrote:
>>
>> > Hi Thomas
>> >
>> > 443, the concern is its displayed in full view on the screen.
>> >
>> > Version 4.11 btw
>> >
>> > Thanks
>> >
>> > Adam
>> >
>> > -----Original Message-----
>> > From: Thomas Joseph <th...@gmail.com>
>> > Sent: 13 December 2019 08:55
>> > To: users@cloudstack.apache.org
>> > Subject: Re: Password in URL
>> >
>> > ** This mail originated from OUTSIDE the Oakford corporate network.
>> Treat
>> > hyperlinks and attachments in this email with caution. **
>> >
>> > Hello Adam
>> >
>> > Are you using port 80 instead for 443 for the console login?
>> >
>> > With regards
>> > Thomas
>> >
>> > On Fri, 13 Dec 2019, 8:34 am Adam Witwicki, <aw...@oakfordis.com>
>> > wrote:
>> >
>> > > Sorry, its not a hash it is the password!
>> > >
>> > > -----Original Message-----
>> > > From: Adam Witwicki <aw...@oakfordis.com>
>> > > Sent: 13 December 2019 08:32
>> > > To: users@cloudstack.apache.org
>> > > Subject: Password in URL
>> > >
>> > > ** This mail originated from OUTSIDE the Oakford corporate network.
>> > > Treat hyperlinks and attachments in this email with caution. **
>> > >
>> > > Hello,
>> > >
>> > > When I have failed logon (cloudstack is unable to read from database)
>> > > the redirected url shows the password hash
>> > >
>> > > /client/?username=admin&password=MASKMASKMASKMASK&domain=&language=
>> > >
>> > > Is this an issue?
>> > >
>> > > Thanks
>> > >
>> > > Adam
>> > >
>> > >
>> > >
>> > > Disclaimer Notice:
>> > > This email has been sent by Oakford Technology Limited, while we have
>> > > checked this e-mail and any attachments for viruses, we can not
>> > > guarantee that they are virus-free. You must therefore take full
>> > > responsibility for virus checking.
>> > > This message and any attachments are confidential and should only be
>> > > read by those to whom they are addressed. If you are not the intended
>> > > recipient, please contact us, delete the message from your computer
>> > > and destroy any copies. Any distribution or copying without our prior
>> > > permission is prohibited.
>> > > Internet communications are not always secure and therefore Oakford
>> > > Technology Limited does not accept legal responsibility for this
>> message.
>> > > The recipient is responsible for verifying its authenticity before
>> > > acting on the contents. Any views or opinions presented are solely
>> > > those of the author and do not necessarily represent those of Oakford
>> > Technology Limited.
>> > > Registered address: Oakford Technology Limited, The Manor House,
>> > > Potterne, Wiltshire. SN10 5PN.
>> > > Registered in England and Wales No. 5971519
>> > >
>> > > Disclaimer Notice:
>> > > This email has been sent by Oakford Technology Limited, while we have
>> > > checked this e-mail and any attachments for viruses, we can not
>> > > guarantee that they are virus-free. You must therefore take full
>> > > responsibility for virus checking.
>> > > This message and any attachments are confidential and should only be
>> > > read by those to whom they are addressed. If you are not the intended
>> > > recipient, please contact us, delete the message from your computer
>> > > and destroy any copies. Any distribution or copying without our prior
>> > > permission is prohibited.
>> > > Internet communications are not always secure and therefore Oakford
>> > > Technology Limited does not accept legal responsibility for this
>> message.
>> > > The recipient is responsible for verifying its authenticity before
>> > > acting on the contents. Any views or opinions presented are solely
>> > > those of the author and do not necessarily represent those of Oakford
>> > Technology Limited.
>> > > Registered address: Oakford Technology Limited, The Manor House,
>> > > Potterne, Wiltshire. SN10 5PN.
>> > > Registered in England and Wales No. 5971519
>> > >
>> > >
>> > Disclaimer Notice:
>> > This email has been sent by Oakford Technology Limited, while we have
>> > checked this e-mail and any attachments for viruses, we can not
>> guarantee
>> > that they are virus-free. You must therefore take full responsibility
>> for
>> > virus checking.
>> > This message and any attachments are confidential and should only be
>> read
>> > by those to whom they are addressed. If you are not the intended
>> recipient,
>> > please contact us, delete the message from your computer and destroy any
>> > copies. Any distribution or copying without our prior permission is
>> > prohibited.
>> > Internet communications are not always secure and therefore Oakford
>> > Technology Limited does not accept legal responsibility for this
>> message.
>> > The recipient is responsible for verifying its authenticity before
>> acting
>> > on the contents. Any views or opinions presented are solely those of the
>> > author and do not necessarily represent those of Oakford Technology
>> Limited.
>> > Registered address: Oakford Technology Limited, The Manor House,
>> Potterne,
>> > Wiltshire. SN10 5PN.
>> > Registered in England and Wales No. 5971519
>> >
>> >
>>
>
>
> --
>
> Andrija Panić
>
--
Andrija Panić
Re: Password in URL
Posted by Andrija Panic <an...@gmail.com>.
Password IS sent in the clear text when you log in initially - you can
check that via developer tools while doing a successful login.
On Fri, 13 Dec 2019 at 11:15, Thomas Joseph <th...@gmail.com> wrote:
> It must be a design feature then, you can redirect it to the dev group.
>
> With regards
> Thomas
>
> On Fri, 13 Dec 2019, 8:57 am Adam Witwicki, <aw...@oakfordis.com>
> wrote:
>
> > Hi Thomas
> >
> > 443, the concern is its displayed in full view on the screen.
> >
> > Version 4.11 btw
> >
> > Thanks
> >
> > Adam
> >
> > -----Original Message-----
> > From: Thomas Joseph <th...@gmail.com>
> > Sent: 13 December 2019 08:55
> > To: users@cloudstack.apache.org
> > Subject: Re: Password in URL
> >
> > ** This mail originated from OUTSIDE the Oakford corporate network. Treat
> > hyperlinks and attachments in this email with caution. **
> >
> > Hello Adam
> >
> > Are you using port 80 instead for 443 for the console login?
> >
> > With regards
> > Thomas
> >
> > On Fri, 13 Dec 2019, 8:34 am Adam Witwicki, <aw...@oakfordis.com>
> > wrote:
> >
> > > Sorry, its not a hash it is the password!
> > >
> > > -----Original Message-----
> > > From: Adam Witwicki <aw...@oakfordis.com>
> > > Sent: 13 December 2019 08:32
> > > To: users@cloudstack.apache.org
> > > Subject: Password in URL
> > >
> > > ** This mail originated from OUTSIDE the Oakford corporate network.
> > > Treat hyperlinks and attachments in this email with caution. **
> > >
> > > Hello,
> > >
> > > When I have failed logon (cloudstack is unable to read from database)
> > > the redirected url shows the password hash
> > >
> > > /client/?username=admin&password=MASKMASKMASKMASK&domain=&language=
> > >
> > > Is this an issue?
> > >
> > > Thanks
> > >
> > > Adam
> > >
> > >
> > >
> > > Disclaimer Notice:
> > > This email has been sent by Oakford Technology Limited, while we have
> > > checked this e-mail and any attachments for viruses, we can not
> > > guarantee that they are virus-free. You must therefore take full
> > > responsibility for virus checking.
> > > This message and any attachments are confidential and should only be
> > > read by those to whom they are addressed. If you are not the intended
> > > recipient, please contact us, delete the message from your computer
> > > and destroy any copies. Any distribution or copying without our prior
> > > permission is prohibited.
> > > Internet communications are not always secure and therefore Oakford
> > > Technology Limited does not accept legal responsibility for this
> message.
> > > The recipient is responsible for verifying its authenticity before
> > > acting on the contents. Any views or opinions presented are solely
> > > those of the author and do not necessarily represent those of Oakford
> > Technology Limited.
> > > Registered address: Oakford Technology Limited, The Manor House,
> > > Potterne, Wiltshire. SN10 5PN.
> > > Registered in England and Wales No. 5971519
> > >
> > > Disclaimer Notice:
> > > This email has been sent by Oakford Technology Limited, while we have
> > > checked this e-mail and any attachments for viruses, we can not
> > > guarantee that they are virus-free. You must therefore take full
> > > responsibility for virus checking.
> > > This message and any attachments are confidential and should only be
> > > read by those to whom they are addressed. If you are not the intended
> > > recipient, please contact us, delete the message from your computer
> > > and destroy any copies. Any distribution or copying without our prior
> > > permission is prohibited.
> > > Internet communications are not always secure and therefore Oakford
> > > Technology Limited does not accept legal responsibility for this
> message.
> > > The recipient is responsible for verifying its authenticity before
> > > acting on the contents. Any views or opinions presented are solely
> > > those of the author and do not necessarily represent those of Oakford
> > Technology Limited.
> > > Registered address: Oakford Technology Limited, The Manor House,
> > > Potterne, Wiltshire. SN10 5PN.
> > > Registered in England and Wales No. 5971519
> > >
> > >
> > Disclaimer Notice:
> > This email has been sent by Oakford Technology Limited, while we have
> > checked this e-mail and any attachments for viruses, we can not guarantee
> > that they are virus-free. You must therefore take full responsibility for
> > virus checking.
> > This message and any attachments are confidential and should only be read
> > by those to whom they are addressed. If you are not the intended
> recipient,
> > please contact us, delete the message from your computer and destroy any
> > copies. Any distribution or copying without our prior permission is
> > prohibited.
> > Internet communications are not always secure and therefore Oakford
> > Technology Limited does not accept legal responsibility for this message.
> > The recipient is responsible for verifying its authenticity before acting
> > on the contents. Any views or opinions presented are solely those of the
> > author and do not necessarily represent those of Oakford Technology
> Limited.
> > Registered address: Oakford Technology Limited, The Manor House,
> Potterne,
> > Wiltshire. SN10 5PN.
> > Registered in England and Wales No. 5971519
> >
> >
>
--
Andrija Panić
Re: Password in URL
Posted by Thomas Joseph <th...@gmail.com>.
It must be a design feature then, you can redirect it to the dev group.
With regards
Thomas
On Fri, 13 Dec 2019, 8:57 am Adam Witwicki, <aw...@oakfordis.com> wrote:
> Hi Thomas
>
> 443, the concern is its displayed in full view on the screen.
>
> Version 4.11 btw
>
> Thanks
>
> Adam
>
> -----Original Message-----
> From: Thomas Joseph <th...@gmail.com>
> Sent: 13 December 2019 08:55
> To: users@cloudstack.apache.org
> Subject: Re: Password in URL
>
> ** This mail originated from OUTSIDE the Oakford corporate network. Treat
> hyperlinks and attachments in this email with caution. **
>
> Hello Adam
>
> Are you using port 80 instead for 443 for the console login?
>
> With regards
> Thomas
>
> On Fri, 13 Dec 2019, 8:34 am Adam Witwicki, <aw...@oakfordis.com>
> wrote:
>
> > Sorry, its not a hash it is the password!
> >
> > -----Original Message-----
> > From: Adam Witwicki <aw...@oakfordis.com>
> > Sent: 13 December 2019 08:32
> > To: users@cloudstack.apache.org
> > Subject: Password in URL
> >
> > ** This mail originated from OUTSIDE the Oakford corporate network.
> > Treat hyperlinks and attachments in this email with caution. **
> >
> > Hello,
> >
> > When I have failed logon (cloudstack is unable to read from database)
> > the redirected url shows the password hash
> >
> > /client/?username=admin&password=MASKMASKMASKMASK&domain=&language=
> >
> > Is this an issue?
> >
> > Thanks
> >
> > Adam
> >
> >
> >
> > Disclaimer Notice:
> > This email has been sent by Oakford Technology Limited, while we have
> > checked this e-mail and any attachments for viruses, we can not
> > guarantee that they are virus-free. You must therefore take full
> > responsibility for virus checking.
> > This message and any attachments are confidential and should only be
> > read by those to whom they are addressed. If you are not the intended
> > recipient, please contact us, delete the message from your computer
> > and destroy any copies. Any distribution or copying without our prior
> > permission is prohibited.
> > Internet communications are not always secure and therefore Oakford
> > Technology Limited does not accept legal responsibility for this message.
> > The recipient is responsible for verifying its authenticity before
> > acting on the contents. Any views or opinions presented are solely
> > those of the author and do not necessarily represent those of Oakford
> Technology Limited.
> > Registered address: Oakford Technology Limited, The Manor House,
> > Potterne, Wiltshire. SN10 5PN.
> > Registered in England and Wales No. 5971519
> >
> > Disclaimer Notice:
> > This email has been sent by Oakford Technology Limited, while we have
> > checked this e-mail and any attachments for viruses, we can not
> > guarantee that they are virus-free. You must therefore take full
> > responsibility for virus checking.
> > This message and any attachments are confidential and should only be
> > read by those to whom they are addressed. If you are not the intended
> > recipient, please contact us, delete the message from your computer
> > and destroy any copies. Any distribution or copying without our prior
> > permission is prohibited.
> > Internet communications are not always secure and therefore Oakford
> > Technology Limited does not accept legal responsibility for this message.
> > The recipient is responsible for verifying its authenticity before
> > acting on the contents. Any views or opinions presented are solely
> > those of the author and do not necessarily represent those of Oakford
> Technology Limited.
> > Registered address: Oakford Technology Limited, The Manor House,
> > Potterne, Wiltshire. SN10 5PN.
> > Registered in England and Wales No. 5971519
> >
> >
> Disclaimer Notice:
> This email has been sent by Oakford Technology Limited, while we have
> checked this e-mail and any attachments for viruses, we can not guarantee
> that they are virus-free. You must therefore take full responsibility for
> virus checking.
> This message and any attachments are confidential and should only be read
> by those to whom they are addressed. If you are not the intended recipient,
> please contact us, delete the message from your computer and destroy any
> copies. Any distribution or copying without our prior permission is
> prohibited.
> Internet communications are not always secure and therefore Oakford
> Technology Limited does not accept legal responsibility for this message.
> The recipient is responsible for verifying its authenticity before acting
> on the contents. Any views or opinions presented are solely those of the
> author and do not necessarily represent those of Oakford Technology Limited.
> Registered address: Oakford Technology Limited, The Manor House, Potterne,
> Wiltshire. SN10 5PN.
> Registered in England and Wales No. 5971519
>
>
RE: Password in URL
Posted by Adam Witwicki <aw...@oakfordis.com>.
Hi Thomas
443, the concern is its displayed in full view on the screen.
Version 4.11 btw
Thanks
Adam
-----Original Message-----
From: Thomas Joseph <th...@gmail.com>
Sent: 13 December 2019 08:55
To: users@cloudstack.apache.org
Subject: Re: Password in URL
** This mail originated from OUTSIDE the Oakford corporate network. Treat hyperlinks and attachments in this email with caution. **
Hello Adam
Are you using port 80 instead for 443 for the console login?
With regards
Thomas
On Fri, 13 Dec 2019, 8:34 am Adam Witwicki, <aw...@oakfordis.com> wrote:
> Sorry, its not a hash it is the password!
>
> -----Original Message-----
> From: Adam Witwicki <aw...@oakfordis.com>
> Sent: 13 December 2019 08:32
> To: users@cloudstack.apache.org
> Subject: Password in URL
>
> ** This mail originated from OUTSIDE the Oakford corporate network.
> Treat hyperlinks and attachments in this email with caution. **
>
> Hello,
>
> When I have failed logon (cloudstack is unable to read from database)
> the redirected url shows the password hash
>
> /client/?username=admin&password=MASKMASKMASKMASK&domain=&language=
>
> Is this an issue?
>
> Thanks
>
> Adam
>
>
>
> Disclaimer Notice:
> This email has been sent by Oakford Technology Limited, while we have
> checked this e-mail and any attachments for viruses, we can not
> guarantee that they are virus-free. You must therefore take full
> responsibility for virus checking.
> This message and any attachments are confidential and should only be
> read by those to whom they are addressed. If you are not the intended
> recipient, please contact us, delete the message from your computer
> and destroy any copies. Any distribution or copying without our prior
> permission is prohibited.
> Internet communications are not always secure and therefore Oakford
> Technology Limited does not accept legal responsibility for this message.
> The recipient is responsible for verifying its authenticity before
> acting on the contents. Any views or opinions presented are solely
> those of the author and do not necessarily represent those of Oakford Technology Limited.
> Registered address: Oakford Technology Limited, The Manor House,
> Potterne, Wiltshire. SN10 5PN.
> Registered in England and Wales No. 5971519
>
> Disclaimer Notice:
> This email has been sent by Oakford Technology Limited, while we have
> checked this e-mail and any attachments for viruses, we can not
> guarantee that they are virus-free. You must therefore take full
> responsibility for virus checking.
> This message and any attachments are confidential and should only be
> read by those to whom they are addressed. If you are not the intended
> recipient, please contact us, delete the message from your computer
> and destroy any copies. Any distribution or copying without our prior
> permission is prohibited.
> Internet communications are not always secure and therefore Oakford
> Technology Limited does not accept legal responsibility for this message.
> The recipient is responsible for verifying its authenticity before
> acting on the contents. Any views or opinions presented are solely
> those of the author and do not necessarily represent those of Oakford Technology Limited.
> Registered address: Oakford Technology Limited, The Manor House,
> Potterne, Wiltshire. SN10 5PN.
> Registered in England and Wales No. 5971519
>
>
Disclaimer Notice:
This email has been sent by Oakford Technology Limited, while we have checked this e-mail and any attachments for viruses, we can not guarantee that they are virus-free. You must therefore take full responsibility for virus checking.
This message and any attachments are confidential and should only be read by those to whom they are addressed. If you are not the intended recipient, please contact us, delete the message from your computer and destroy any copies. Any distribution or copying without our prior permission is prohibited.
Internet communications are not always secure and therefore Oakford Technology Limited does not accept legal responsibility for this message. The recipient is responsible for verifying its authenticity before acting on the contents. Any views or opinions presented are solely those of the author and do not necessarily represent those of Oakford Technology Limited.
Registered address: Oakford Technology Limited, The Manor House, Potterne, Wiltshire. SN10 5PN.
Registered in England and Wales No. 5971519
Re: Password in URL
Posted by Thomas Joseph <th...@gmail.com>.
Hello Adam
Are you using port 80 instead for 443 for the console login?
With regards
Thomas
On Fri, 13 Dec 2019, 8:34 am Adam Witwicki, <aw...@oakfordis.com> wrote:
> Sorry, its not a hash it is the password!
>
> -----Original Message-----
> From: Adam Witwicki <aw...@oakfordis.com>
> Sent: 13 December 2019 08:32
> To: users@cloudstack.apache.org
> Subject: Password in URL
>
> ** This mail originated from OUTSIDE the Oakford corporate network. Treat
> hyperlinks and attachments in this email with caution. **
>
> Hello,
>
> When I have failed logon (cloudstack is unable to read from database) the
> redirected url shows the password hash
>
> /client/?username=admin&password=MASKMASKMASKMASK&domain=&language=
>
> Is this an issue?
>
> Thanks
>
> Adam
>
>
>
> Disclaimer Notice:
> This email has been sent by Oakford Technology Limited, while we have
> checked this e-mail and any attachments for viruses, we can not guarantee
> that they are virus-free. You must therefore take full responsibility for
> virus checking.
> This message and any attachments are confidential and should only be read
> by those to whom they are addressed. If you are not the intended recipient,
> please contact us, delete the message from your computer and destroy any
> copies. Any distribution or copying without our prior permission is
> prohibited.
> Internet communications are not always secure and therefore Oakford
> Technology Limited does not accept legal responsibility for this message.
> The recipient is responsible for verifying its authenticity before acting
> on the contents. Any views or opinions presented are solely those of the
> author and do not necessarily represent those of Oakford Technology Limited.
> Registered address: Oakford Technology Limited, The Manor House, Potterne,
> Wiltshire. SN10 5PN.
> Registered in England and Wales No. 5971519
>
> Disclaimer Notice:
> This email has been sent by Oakford Technology Limited, while we have
> checked this e-mail and any attachments for viruses, we can not guarantee
> that they are virus-free. You must therefore take full responsibility for
> virus checking.
> This message and any attachments are confidential and should only be read
> by those to whom they are addressed. If you are not the intended recipient,
> please contact us, delete the message from your computer and destroy any
> copies. Any distribution or copying without our prior permission is
> prohibited.
> Internet communications are not always secure and therefore Oakford
> Technology Limited does not accept legal responsibility for this message.
> The recipient is responsible for verifying its authenticity before acting
> on the contents. Any views or opinions presented are solely those of the
> author and do not necessarily represent those of Oakford Technology Limited.
> Registered address: Oakford Technology Limited, The Manor House, Potterne,
> Wiltshire. SN10 5PN.
> Registered in England and Wales No. 5971519
>
>
RE: Password in URL
Posted by Adam Witwicki <aw...@oakfordis.com>.
Sorry, its not a hash it is the password!
-----Original Message-----
From: Adam Witwicki <aw...@oakfordis.com>
Sent: 13 December 2019 08:32
To: users@cloudstack.apache.org
Subject: Password in URL
** This mail originated from OUTSIDE the Oakford corporate network. Treat hyperlinks and attachments in this email with caution. **
Hello,
When I have failed logon (cloudstack is unable to read from database) the redirected url shows the password hash
/client/?username=admin&password=MASKMASKMASKMASK&domain=&language=
Is this an issue?
Thanks
Adam
Disclaimer Notice:
This email has been sent by Oakford Technology Limited, while we have checked this e-mail and any attachments for viruses, we can not guarantee that they are virus-free. You must therefore take full responsibility for virus checking.
This message and any attachments are confidential and should only be read by those to whom they are addressed. If you are not the intended recipient, please contact us, delete the message from your computer and destroy any copies. Any distribution or copying without our prior permission is prohibited.
Internet communications are not always secure and therefore Oakford Technology Limited does not accept legal responsibility for this message. The recipient is responsible for verifying its authenticity before acting on the contents. Any views or opinions presented are solely those of the author and do not necessarily represent those of Oakford Technology Limited.
Registered address: Oakford Technology Limited, The Manor House, Potterne, Wiltshire. SN10 5PN.
Registered in England and Wales No. 5971519
Disclaimer Notice:
This email has been sent by Oakford Technology Limited, while we have checked this e-mail and any attachments for viruses, we can not guarantee that they are virus-free. You must therefore take full responsibility for virus checking.
This message and any attachments are confidential and should only be read by those to whom they are addressed. If you are not the intended recipient, please contact us, delete the message from your computer and destroy any copies. Any distribution or copying without our prior permission is prohibited.
Internet communications are not always secure and therefore Oakford Technology Limited does not accept legal responsibility for this message. The recipient is responsible for verifying its authenticity before acting on the contents. Any views or opinions presented are solely those of the author and do not necessarily represent those of Oakford Technology Limited.
Registered address: Oakford Technology Limited, The Manor House, Potterne, Wiltshire. SN10 5PN.
Registered in England and Wales No. 5971519