Password in URL

Tallitha_Winckelmann · December 30, 2003, 5:21pm

Hello,

I have a problem with the login in RT 3.0.7. When I submit user and password both go to URL. Show the password in the URL, what's  not secure!
The form method is GET because with POST doesn't work! What I do? Please.

Tallitha Campos

Autrijus_Tang · January 3, 2004, 7:32pm

Hello,
I have a problem with the login in RT 3.0.7. When I submit user
and password both go to URL. Show the password in the URL,
what’s not secure! The form method is GET because with POST
doesn’t work! What I do? Please.

I have made a RT extension that uses javascript and MD5 to securely
login from an unencrypted http channel, which should solve your problem,
as long as you are using the standard Elements/Login WebUI, and the
browser has javascript enabled.

It is available as RTx::MD5Auth from CPAN and here:

http://aut.dyndns.org/dist/RTx-MD5Auth-0.01.tar.gz
MD5 (RTx-MD5Auth-0.01.tar.gz) = 56bac893db83df21c8eca522c30b655a

Thanks,
/Autrijus/

auth.tgz (8.62 KB)

Jesse_Vincent · January 3, 2004, 7:45pm

Hello,
I have a problem with the login in RT 3.0.7. When I submit user
and password both go to URL. Show the password in the URL,
what’s not secure! The form method is GET because with POST
doesn’t work! What I do? Please.

Though it sounds like you’ve gotten a bad redhat build of mod_perl and
then hand-hacked RT to work around it, something that just won’t work.

Request Tracker — Best Practical Solutions – Trouble Ticketing. Free.