Posted to issues@guacamole.apache.org by "Mike Jumper (Jira)" <ji...@apache.org> on 2020/02/11 05:38:00 UTC

[jira] [Assigned] (GUACAMOLE-956) Migrate away from including auth token within REST API URLs

     [ https://issues.apache.org/jira/browse/GUACAMOLE-956?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mike Jumper reassigned GUACAMOLE-956:
-------------------------------------

    Assignee: Mike Jumper

> Migrate away from including auth token within REST API URLs
> -----------------------------------------------------------
>
>                 Key: GUACAMOLE-956
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-956
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole
>            Reporter: Mike Jumper
>            Assignee: Mike Jumper
>            Priority: Minor
>
> Guacamole's current REST API relies on including the user's auth token within the {{token}} query parameter. Using a query parameter in this way is generally regarded as bad practice, as other software between the user and the webapp may log the content of URLs and GET requests insecurely, including these parameters.
> We should instead leverage HTTP headers, allowing the {{token}} parameter to be used only for compatibility's sake.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
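
An added example (not part of the Jira message or of Guacamole's code): the logging exposure the issue describes, handled from the operator's side by redacting the `token` query parameter in the request URL and Referer field of Combined Log Format lines. The log lines, host name, paths and token value are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# "token" is the parameter named in the issue; everything else is illustrative.
SENSITIVE_PARAMS = {"token"}

# Combined Log Format: the request line and the Referer are the fields carrying URLs.
LOG_RE = re.compile(
    r'^(?P<head>\S+ \S+ \S+ \[[^\]]+\] )"(?P<method>[A-Z]+) (?P<url>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)"(?P<tail>.*)$'
)

def redact_url(url):
    """Return (url with sensitive query values replaced, whether anything was replaced)."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    if not any(k.lower() in SENSITIVE_PARAMS for k, _ in pairs):
        return url, False
    clean = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(clean))), True

def scrub_line(line):
    """Redact token values in one access-log line; unparsable lines pass through."""
    m = LOG_RE.match(line)
    if not m:
        return line, False
    url, hit_url = redact_url(m["url"])
    ref, hit_ref = redact_url(m["referer"])
    out = (f'{m["head"]}"{m["method"]} {url} {m["proto"]}" '
           f'{m["status"]} {m["size"]} "{ref}"{m["tail"]}')
    return out, hit_url or hit_ref

# Constructed sample log lines (not taken from any real deployment).
SAMPLE = [
    '203.0.113.7 - - [11/Feb/2020:05:38:00 +0000] "GET /app/api/example?token=EXAMPLETOKEN0001 HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '203.0.113.7 - - [11/Feb/2020:05:38:02 +0000] "GET /app/logo.png HTTP/1.1" 200 900 "https://gw.example/app/?token=EXAMPLETOKEN0001&a=1" "Mozilla/5.0"',
    '203.0.113.7 - - [11/Feb/2020:05:38:05 +0000] "GET /app/api/languages HTTP/1.1" 200 64 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    for raw in SAMPLE:
        scrubbed, leaked = scrub_line(raw)
        print(("LEAK " if leaked else "ok   ") + scrubbed)
```

Redaction of this kind only covers logs the operator controls; proxies and other software in the path keep their own copies of the URL, which is why the issue proposes carrying the token in an HTTP header instead.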