Posted to issues@kylin.apache.org by "Zhong,Jason (JIRA)" <ji...@apache.org> on 2016/02/17 11:34:18 UTC

[jira] [Closed] (KYLIN-1425) [Fortify] Insecure password submission in login page

     [ https://issues.apache.org/jira/browse/KYLIN-1425?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Zhong,Jason closed KYLIN-1425.
------------------------------
    Resolution: Fixed

>  [Fortify] Insecure password submission in login page
> -----------------------------------------------------
>
>                 Key: KYLIN-1425
>                 URL: https://issues.apache.org/jira/browse/KYLIN-1425
>             Project: Kylin
>          Issue Type: Bug
>    Affects Versions: v2.0, v1.0
>            Reporter: Lola Liu
>            Assignee: Zhong,Jason
>         Attachments: password[1].png
>
>
> login.html submits a password as part of an HTTP GET request on line 41, which will cause the password to be displayed, logged, and stored in the browser cache.
> In the console we can see that when a user logs in, there are 2 authentication requests: 1 is POST and the other is GET. (Please refer to the attached image.)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
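
Added example (not part of the original JIRA message and not Kylin's code): a check a defender could run over web server access logs to find requests like the GET described in the issue, where a password travels in the URL, and to redact the values before the log is shared. The log lines, the `/login` path and the parameter names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Parameter names treated as credentials (assumed list; extend for your application).
SENSITIVE = {"password", "passwd", "pwd", "pass", "secret", "token"}

# Request field of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

# Constructed sample: one login via POST (body is not logged) and one via GET.
SAMPLE_LOG = [
    '10.0.0.5 - - [17/Feb/2016:10:01:02 +0000] "POST /login HTTP/1.1" 200 512',
    '10.0.0.5 - - [17/Feb/2016:10:01:02 +0000] '
    '"GET /login?username=alice&password=example-only HTTP/1.1" 200 512',
    '10.0.0.5 - - [17/Feb/2016:10:01:03 +0000] "GET /index.html?page=2 HTTP/1.1" 200 1024',
]

def find_exposed_credentials(line):
    """Return (method, path, [param names]) if the logged URL carries credentials."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    names = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)
             if k.lower() in SENSITIVE]
    return (m.group("method"), parts.path, names) if names else None

def redact(line):
    """Replace the values of sensitive query parameters, leaving the rest intact."""
    def _fix(m):
        parts = urlsplit(m.group("target"))
        query = [(k, "REDACTED" if k.lower() in SENSITIVE else v)
                 for k, v in parse_qsl(parts.query, keep_blank_values=True)]
        target = urlunsplit(parts._replace(query=urlencode(query)))
        return '"%s %s %s"' % (m.group("method"), target, m.group("proto"))
    return REQUEST_RE.sub(_fix, line)

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        hit = find_exposed_credentials(entry)
        if hit:
            print("credential in URL:", hit)
            print("  redacted:", redact(entry))
```

Any password found this way should be treated as exposed and rotated, since redacting one log does not remove copies held in browser history, caches or intermediate proxies.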