Modify

Opened 15 years ago

Closed 15 years ago

#3580 closed defect (fixed)

[PATCH] Don't send username/password for GET request

Reported by: anonymous Owned by: bastiK
Priority: trivial Milestone:
Component: Core Version:
Keywords: Cc:

Description

Increase security by using the plaintext password/username only when really needed.

Attachments (1)

auth.patch (2.2 KB ) - added by bastiK 15 years ago.
Don't send authorisation for "GET / capabilities" requests.

Download all attachments as: .zip

Change History (4)

comment:1 by bastiK, 15 years ago

Owner: changed from team to bastiK

by bastiK, 15 years ago

Attachment: auth.patch added

Don't send authorisation for "GET / capabilities" requests.

comment:2 by bastiK, 15 years ago

Summary: Don't send username/password for GET request[PATCH] Don't send username/password for GET request

comment:3 by stoecker, 15 years ago

Resolution: fixed
Status: newclosed

(In [2222]) fixed #3580 - patch by bastiK - no longer send username/password for capabilities GET request

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain bastiK.
as The resolution will be set.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.