JSON-RPC GET User.login security
Max Kanat-Alexander
mkanat at bugzilla.org
Wed Nov 10 00:32:58 UTC 2010
On 11/09/2010 04:23 PM, Frédéric Buclin wrote:
> If allowed, wouldn't this display the password in clear in the web
> server log file (/var/log/httpd/access_log)?
It would.
However, we more or less have to allow it for JSONP support--the
Bugzilla_login and Bugzilla_password URL parameters are the only secure
solution for cross-domain authentication.
-Max
--
http://www.everythingsolved.com/
Competent, Friendly Bugzilla and Perl Services. Everything Else, too.
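
Added example, not part of the original message or of Bugzilla's code: a log scrubber that finds and redacts the `Bugzilla_password` URL parameter in access-log request lines, the exposure raised in the quoted question. The sample log lines, hosts and values are constructed, and the Common Log Format layout is an assumption about the server's configuration.

```python
import re
from urllib.parse import unquote

# Parameter name taken from the thread; compared after percent-decoding.
SENSITIVE = {"bugzilla_password"}
# Request line inside a Common/Combined Log Format entry (assumed layout).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample entries, not real traffic.
SAMPLE = [
    '192.0.2.10 - - [10/Nov/2010:00:30:01 +0000] "GET /jsonrpc.cgi?method=Bug.get&Bugzilla_login=user%40example.com&Bugzilla_password=hunter2&callback=cb HTTP/1.1" 200 512',
    '192.0.2.11 - - [10/Nov/2010:00:30:05 +0000] "GET /show_bug.cgi?id=1 HTTP/1.1" 200 2048',
    '192.0.2.12 - - [10/Nov/2010:00:30:09 +0000] "GET /jsonrpc.cgi?Bugzilla%5Fpassword=s3cret HTTP/1.1" 200 128',
]

def redact_target(target):
    """Return (redacted_target, hit) for one request target."""
    path, sep, query = target.partition("?")
    if not sep:
        return target, False
    hit, parts = False, []
    for piece in re.split(r"([&;])", query):  # capture group keeps separators
        if piece in ("&", ";"):
            parts.append(piece)
            continue
        name, eq, _value = piece.partition("=")
        # Decode the name so an encoded spelling (Bugzilla%5Fpassword) is caught.
        if eq and unquote(name.replace("+", " ")).lower() in SENSITIVE:
            parts.append(name + "=REDACTED")
            hit = True
        else:
            parts.append(piece)
    return path + "?" + "".join(parts), hit

def scrub_log(lines):
    """Return (clean_lines, 1-based numbers of lines that held a password)."""
    clean, hits = [], []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            target, hit = redact_target(match.group("target"))
            if hit:
                hits.append(number)
                line = line[:match.start("target")] + target + line[match.end("target"):]
        clean.append(line)
    return clean, hits

if __name__ == "__main__":
    print(*scrub_log(SAMPLE)[0], sep="\n")
```

Any password found this way has already been written to disk in clear, so the reported line numbers also identify accounts whose passwords should be changed.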