On 09/13/2018 11:48 AM, Peter Smythe wrote:
> Hi Richard
> 
> I log the HTTP header Authorization in Tomcat/HAProxy/Apache and this
> will give you the base64 username:password that you see in WireShark, etc.:
> 
> Tomcat/Apache:    "%{Authorization}i"
> 
> HAProxy:
>     capture request  header Authorization len 50
>     log-format "... %{+Q}hrl ..."
> 
> I'm not sure how to base64 decode automatically, so I just leave it
> encoded, which is good enough for differentiating per username.

Hi Peter,

Thanks, yes, that is what I came up with finally, just after I sent the email.

But security-wise I cannot do that, in our case the Windows passwords
will be in all logs (Base64 encoded, but that is one line of grep away
from harvesting all username/passwords :( ).

So decoding/splitting on the fly would be ok. But even better would be
if Geoserver hands it over to the logs.

Regards,

Richard
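
The "decoding/splitting on the fly" idea from this message, as an added example that is not part of the original thread and not GeoServer, Tomcat or HAProxy code: a filter that rewrites a logged Authorization field so only the username reaches the log. The names `scrub` and `basic_username` are hypothetical, and it assumes the header is logged as one quoted field, as with `"%{Authorization}i"`.

```python
import base64
import binascii
import re

# Assumption: the header is logged as one quoted field, as in "%{Authorization}i".
AUTH_FIELD = re.compile(r'"(Basic|Bearer|Digest|Negotiate|NTLM) ([^"]*)"', re.IGNORECASE)
UNSAFE = re.compile(r'[^\w.@\\-]')  # anything outside a conservative username alphabet


def basic_username(token):
    """Return the username inside a Basic token, or None if it cannot be parsed."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None  # truncated (e.g. by a capture length limit) or not base64
    user, sep, _password = raw.partition(b":")  # password may itself contain ':'
    if not sep or not user:
        return None
    return user.decode("utf-8", errors="replace")


def scrub(line):
    """Replace a logged Authorization field with the username only."""
    def repl(match):
        scheme, token = match.group(1), match.group(2).strip()
        if scheme.lower() == "basic":
            user = basic_username(token)
            if user is not None:
                # Neutralise quotes, spaces and control characters in the name.
                return '"user=%s"' % UNSAFE.sub("?", user)
        # Undecodable Basic values and all other schemes: drop the credential.
        return '"%s [redacted]"' % scheme
    return AUTH_FIELD.sub(repl, line)


if __name__ == "__main__":
    # Constructed sample lines, not taken from any real log.
    token = base64.b64encode(b"CORP\\alice:not-a-real-password").decode()
    for sample in (
        '192.0.2.10 "GET /geoserver/wms HTTP/1.1" 200 "Basic %s"' % token,
        '192.0.2.11 "GET /geoserver/wfs HTTP/1.1" 401 "Basic %s"' % token[:-3],
        '192.0.2.12 "GET /geoserver/rest HTTP/1.1" 200 "Bearer abc.def.ghi"',
        '192.0.2.13 "GET /geoserver/web HTTP/1.1" 200 "-"',
    ):
        print(scrub(sample))
```

The filter only protects the log if it sits in the logging path itself (for example as a piped log program), so that the encoded value is never written to disk first.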


_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
