#3623 Use POST in forms handling passwords
Closed: fixed 5 years ago Opened 10 years ago by mkosek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 961866

When handling passwords in forms like http(s)://youripaserver.com/ipa/ui/reset_password.html, we should specifically use POST method instead of GET to avoid having user passwords logged in apache's `access` log.

The problem exists only in the case of misconfiguration.

Metadata Update from @mkosek:
- Issue assigned to someone
- Issue set to the milestone: Ticket Backlog

7 years ago

reset_password.html uses POST for at least four years now.

Metadata Update from @cheimes:
- Issue close_status updated to: fixed

5 years ago

Login to comment on this ticket.

Metadata