There is already an open bug (https://issues.apache.org/jira/browse/CLOUDSTACK-6311). Essentially the same wording for the password parameter should be used in login, CreateUser, and UpdateUser: the password should be sent as clear text.
-----Original Message----- From: Sebastien Goasguen [mailto:run...@gmail.com] Sent: Wednesday, April 16, 2014 12:16 PM To: dev@cloudstack.apache.org Subject: Re: login API with MD5 is not working On Apr 16, 2014, at 12:56 PM, Demetrius Tsitrelis <demetrius.tsitre...@citrix.com> wrote: > One problem is that the API documentation > (https://cloudstack.apache.org/docs/api/apidocs-4.3/root_admin/login.h > tml) still says that the password should be hashed. The docs are out > of date; send the password in plain text. Demetrius, can you give me the correct description for the apidoc ? I can make that change. > > And - think about security. DON'T use HTTP GET or the query > parameters you send will be saved in the caches of all intermediate > servers. Also DO use HTTPS. > > -----Original Message----- > From: Tejas Gadaria [mailto:refond.g...@gmail.com] > Sent: Tuesday, April 15, 2014 2:02 AM > To: dev@cloudstack.apache.org > Subject: login API with MD5 is not working > > Hi, > > I am trying to login in to CS 4.3 though login API. > > I am passing MD5 hash (1st) in password that works fine with CS 4.0.2 > but same doesn't works well with CS 4.3. Then I try to pass password > in plain text ( > 2nd) & it worked, Is this a bug? > > Both APIs are given below, > > > 1) > http://10.129.151.55:8080/client/api?&command=login&username=admin&pas > sword=5f4dcc3b5aa765d61d8327deb882cf99 > > > 2) > http://10.129.151.55:8080/client/api?&command=login&username=admin&pas > sword=password > > Regards, > Tejas
smime.p7s
Description: S/MIME cryptographic signature
