Modify ↓
Opened 15 years ago
Closed 15 years ago
#3580 closed defect (fixed)
[PATCH] Don't send username/password for GET request
Reported by: | anonymous | Owned by: | bastiK |
---|---|---|---|
Priority: | trivial | Milestone: | |
Component: | Core | Version: | |
Keywords: | Cc: |
Description
Increase security by using the plaintext password/username only when really needed.
Attachments (1)
Change History (4)
comment:1 by , 15 years ago
Owner: | changed from | to
---|
by , 15 years ago
Attachment: | auth.patch added |
---|
comment:2 by , 15 years ago
Summary: | Don't send username/password for GET request → [PATCH] Don't send username/password for GET request |
---|
comment:3 by , 15 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
Don't send authorisation for "GET / capabilities" requests.