JSON-RPC GET User.login security

Frédéric Buclin lpsolit at gmail.com
Wed Nov 10 00:23:16 UTC 2010


On 10. 11. 10 01:16, Max Kanat-Alexander wrote:
> Hey there. Right now, we deny calling the "User.login" method when
> using the GET method for JSON-RPC calls. Is there actually any good
> security-based reason to do so?

If allowed, wouldn't this display the password in clear in the web
server log file (/var/log/httpd/access_log)?

LpSolit
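
The logging concern raised above, as an added example that is not part of the original message or of Bugzilla's code: a scan of web server access-log lines for JSON-RPC GET requests whose query string carried a password, reporting them with the secret redacted. It assumes the GET form passes `method` and a JSON-encoded `params` URL parameter, that the secret is in a `password` key, and that the log uses the combined log format; the sample lines are constructed.

```python
import json
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access_log lines (combined log format); addresses, users and secrets are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Nov/2010:00:20:01 +0000] "GET /jsonrpc.cgi?method=User.login&params=%5B%7B%22login%22%3A%22dev%40example.org%22%2C%22password%22%3A%22hunter2%22%7D%5D HTTP/1.1" 200 87 "-" "curl/7.21"',
    '192.0.2.11 - - [10/Nov/2010:00:21:14 +0000] "GET /jsonrpc.cgi?method=Bug.get&params=%5B%7B%22ids%22%3A%5B1%5D%7D%5D HTTP/1.1" 200 512 "-" "curl/7.21"',
    '192.0.2.12 - - [10/Nov/2010:00:22:40 +0000] "POST /jsonrpc.cgi HTTP/1.1" 200 87 "-" "curl/7.21"',
]

# Request line inside the quoted field: METHOD, request target, protocol version.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
SECRET_KEYS = {"password"}  # assumed parameter name for the credential


def redact(value):
    """Replace secret values anywhere in a decoded params structure."""
    if isinstance(value, dict):
        return {k: "[REDACTED]" if k.lower() in SECRET_KEYS else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


def find_logged_credentials(lines):
    """Return (line_no, rpc_method, redacted_params) for each GET request
    whose query string exposed a password to the access log."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m or m.group("method") != "GET":
            continue  # POST bodies are not written to the access log
        query = parse_qs(urlsplit(m.group("target")).query)  # percent-decodes values
        try:
            params = json.loads(query.get("params", ["null"])[0])
        except ValueError:
            continue  # params was not valid JSON
        cleaned = redact(params)
        if cleaned != params:  # something was redacted, so a secret was logged
            hits.append((no, query.get("method", ["?"])[0], cleaned))
    return hits


if __name__ == "__main__":
    for hit in find_logged_credentials(SAMPLE_LOG):
        print(hit)
```

Only the first sample line is reported: the `Bug.get` GET carries no secret, and the POST request leaves nothing but its path in the log.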


