[SOGo] Exception in processing of unicode strings
Ivanov Dmitri
sogo@opengroupware.org
Wed, 21 Nov 2007 16:57:41 +0300
>
> On 21.11.2007, at 10:12, Ivanov Dmitri wrote:
> > 172.16.0.215 - - [21/Nov/2007:11:57:28 GMT] "POST /SOGo/so/connect?userName=ivanov_dv&password=XXXXXX HTTP/1.1" 204 0/0 0.478 - - 992K
>
>
> Oh oh, *major* security flaw! The password is transferred in the
> URL??? Or did you add that manually for your debugging?
> [it's already a POST, so no reason to transfer the password in the URL]
>
You are right, but how can I avoid this?
There are too few details about how to configure all this stuff :(
However, I thought about using stunnel or mod_ssl in order to secure
transfers through the internet (in case we will use SOGo instead of OWA).
Inside the local network we will use Thunderbird's CalDAV plugin, but I
suppose, the same happens when Thunderbird posts user auth data to
SOGo...
Best regards,
Dmitri
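
An added example (not part of the original thread and not SOGo code): a small access-log scanner that flags request lines carrying credentials in the query string, as in the line quoted above, and redacts the values before the log is stored or shared. The list of parameter names and the second sample line are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# Parameter names treated as secrets (assumption; extend for your application).
SENSITIVE = {"password", "passwd", "pwd", "token", "secret"}

# Request part of an access-log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')


def leaked_params(line):
    """Return the sensitive query parameter names found in a log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    query = urlsplit(m.group("target")).query
    return [k for k, _ in parse_qsl(query, keep_blank_values=True)
            if k.lower() in SENSITIVE]


def redact(line):
    """Return the line with sensitive query values replaced by REDACTED."""
    m = REQUEST_RE.search(line)
    if not m:
        return line
    parts = urlsplit(m.group("target"))
    if not parts.query:
        return line
    # Note: urlencode re-encodes every value, so escaping of other
    # parameters may be normalised (e.g. %20 becomes +).
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    target = parts.path + "?" + urlencode(pairs)
    return line[:m.start("target")] + target + line[m.end("target"):]


SAMPLE = [
    # Log line as quoted in the thread (password already masked by the poster).
    '172.16.0.215 - - [21/Nov/2007:11:57:28 GMT] "POST /SOGo/so/connect'
    '?userName=ivanov_dv&password=XXXXXX HTTP/1.1" 204 0/0 0.478 - - 992K',
    # Constructed line without credentials, for contrast.
    '172.16.0.215 - - [21/Nov/2007:11:57:30 GMT] "GET /SOGo/so/ HTTP/1.1" 200 512/0 0.101 - - 0',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        if leaked_params(entry):
            print(redact(entry))
```

Redacting logs only limits the exposure after the fact; TLS (stunnel or mod_ssl, as mentioned above) protects the request in transit but does not keep a query-string password out of server and proxy logs.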