[gatein-issues] [JBoss JIRA] Updated: (GTNPORTAL-2082) j_security_check request is sent as GET method.
Takayuki Konishi (JIRA)
jira-events at lists.jboss.org
Wed Sep 7 08:07:26 EDT 2011
[ https://issues.jboss.org/browse/GTNPORTAL-2082?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Takayuki Konishi updated GTNPORTAL-2082:
----------------------------------------
Forum Reference: (was: https://na7.salesforce.com/500A0000007s8m2)
> j_security_check request is sent as GET method.
> -----------------------------------------------
>
> Key: GTNPORTAL-2082
> URL: https://issues.jboss.org/browse/GTNPORTAL-2082
> Project: GateIn Portal
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Security
> Affects Versions: 3.2.0-M01
> Reporter: Takayuki Konishi
>
> The j_security_check request is sent like:
> http://localhost:8080/portal/private/j_security_check?j_username=root&j_password=wci-ticket-1044265597&initialURI=/portal/private/classic
> The "root" value is a user-typed value and is recorded in browser history and in server-side logs like Apache's access_log, which are not expected to record such sensitive information.
> It causes security problems like shoulder hacking on the client side, and it puts an unnecessary burden on server administrators because they have to manage sensitive information in logs.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
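As an added example (not part of the issue report or of GateIn's own code), the following Python script shows how an operator could detect the leak described in this issue in existing logs and keep it out of future ones: it parses Apache combined-format access_log lines, flags any GET to j_security_check or any request that carries j_username/j_password in the query string, and redacts those values so the line can be retained safely. The log lines, client addresses and the secret value are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qs, parse_qsl, urlencode

# Constructed sample lines in Apache combined log format (not from the issue or any real server).
# Line 1 reproduces the problem: form-login credentials submitted by GET end up in the request line.
# Line 2 is the expected POST submission, which leaves no credentials in the URL.
SAMPLE_ACCESS_LOG = """\
10.0.0.5 - - [07/Sep/2011:08:07:26 -0400] "GET /portal/private/j_security_check?j_username=root&j_password=example-secret&initialURI=/portal/private/classic HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.6 - - [07/Sep/2011:08:07:30 -0400] "POST /portal/private/j_security_check HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.7 - - [07/Sep/2011:08:07:35 -0400] "GET /portal/private/classic HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Combined log format: client ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})'
)

# Servlet form-login parameter names; these must never appear in a URL.
SENSITIVE_PARAMS = {"j_username", "j_password"}


def parse_line(line):
    """Return the request fields of one access_log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def leaked_params(target):
    """Sensitive parameter names found in the query string of a request target."""
    query = urlsplit(target).query
    return SENSITIVE_PARAMS & set(parse_qs(query, keep_blank_values=True))


def is_credential_leak(entry):
    """True for a GET to j_security_check or any request with credentials in the query string."""
    path = urlsplit(entry["target"]).path
    if path.endswith("/j_security_check") and entry["method"] == "GET":
        return True
    return bool(leaked_params(entry["target"]))


def redact_target(target):
    """Replace the values of sensitive query parameters, keeping the rest of the URL intact."""
    parts = urlsplit(target)
    pairs = [(k, "REDACTED" if k in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    # safe="/" keeps path-like values such as initialURI readable in the stored line
    return urlunsplit(parts._replace(query=urlencode(pairs, safe="/")))


def scan_access_log(text):
    """Return one finding per leaking request, with a redacted copy of its target."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and is_credential_leak(entry):
            findings.append({
                "client": entry["client"],
                "timestamp": entry["ts"],
                "method": entry["method"],
                "params": sorted(leaked_params(entry["target"])),
                "redacted_target": redact_target(entry["target"]),
            })
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_ACCESS_LOG):
        print(f"{f['timestamp']} {f['client']} {f['method']} leaked {f['params']}: {f['redacted_target']}")
```

The same redaction rule can be applied at the log-shipping stage so credentials never reach long-term storage, but it only limits the damage; the fix the issue asks for is that the login form submits with POST, which keeps j_username and j_password out of the URL, browser history and access logs in the first place.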