[one-users] ONE 4.6.2 - passwords in URL

Paul Reilly pareilly at tcd.ie
Fri Jul 18 04:23:39 PDT 2014


Hello,

I'm evaluating OpenNebula 4.6.2 in a university environment. Unfortunately
some of our users use Internet Explorer 11 with compatibility mode enabled.
They need this for other sites. When this is enabled, and they log in to
OpenNebula, their username and password are passed in clear text in the
URL, and are also saved in their browsing history, like this:

https://onetest.uni.edu/?username=joe&password=OpenSesame

We have LDAP authentication to Active Directory configured, so it's a
security concern if their username and password are sent in clear text in
the request URL.

Does anyone know why this happens, and how to fix it?

Thank you,
Paul
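
Added example, not part of the original post and not OpenNebula code: credentials carried in a request URL are typically also written to the web server's access log, so a defender can check whether this has already happened. The Python below scans access-log lines for password-like query parameters and redacts the values; the parameter-name list, the log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Query parameter names treated as secrets (assumption; extend as needed).
SENSITIVE = {"password", "passwd", "pwd", "pass"}

# Request line as it appears in common/combined access-log format (assumed).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def redact_target(target):
    """Return (redacted_target, leaked_param_names) for one request target."""
    parts = urlsplit(target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    leaked = [k for k, _ in pairs if k.lower() in SENSITIVE]
    if not leaked:
        return target, []
    clean = [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
    return parts._replace(query=urlencode(clean)).geturl(), leaked

def scan(lines):
    """Report log lines whose URL carries a credential, with the value redacted."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        redacted, leaked = redact_target(m.group("target"))
        if leaked:
            safe = line[:m.start("target")] + redacted + line[m.end("target"):]
            findings.append({"line": n, "method": m.group("method"),
                             "params": leaked, "redacted": safe})
    return findings

# Constructed sample log lines (hypothetical paths and addresses).
SAMPLE = [
    '192.0.2.10 - - [18/Jul/2014:12:23:39 +0100] '
    '"GET /?username=joe&password=OpenSesame HTTP/1.1" 200 5120',
    '192.0.2.11 - - [18/Jul/2014:12:24:02 +0100] "POST /login HTTP/1.1" 204 0',
    '192.0.2.12 - - [18/Jul/2014:12:25:10 +0100] "GET /vm?id=42 HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f["line"], f["params"], f["redacted"])
```

Any account that shows up in the findings should have its password changed, since the value has been stored in clear text in at least the log and the browser history.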