On 09/13/2018 11:48 AM, Peter Smythe wrote: > Hi Richard > > I log the HTTP header Authorization in Tomcat/HAProxy/Apache and this > will give you the base64 username:password that you see in WireShark, etc.: > > Tomcat/Apache: "%{Authorization}i" > > HAProxy: > capture request header Authorization len 50 > log-format "... %{+Q}hrl ..." > > I'm not sure how to base64 decode automatically, so I just leave it > encoded, which is good enough for differentiating per username.
Hi Peter, Thanks, yes that is what I came up finally, just after I sent the email. But security-wise I cannot do that, in our case the Windows passwords will be in all logs (Base64 encoded, but that is one line of grep away from harvesting all username/passwords :( ) . So decoding/splitting on the fly would be ok. But even better would be if Geoserver hands it over to the logs. Regards, Richard _______________________________________________ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel