[ https://issues.apache.org/jira/browse/KYLIN-1425?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15150257#comment-15150257 ]
Lola Liu commented on KYLIN-1425:
---------------------------------
Actually, the authorization is posted by AJAX. Fortify reports insecure
submission because the form tag doesn't use method POST.
> [Fortify] Insecure password submission in login page
> -----------------------------------------------------
>
> Key: KYLIN-1425
> URL: https://issues.apache.org/jira/browse/KYLIN-1425
> Project: Kylin
> Issue Type: Bug
> Affects Versions: v2.0, v1.0
> Reporter: Lola Liu
> Assignee: Zhong,Jason
> Attachments: password[1].png
>
>
> login.html submits a password as part of an HTTP GET request on line 41,
> which will cause the password to be displayed, logged, and stored in the
> browser cache.
> In the console we can see that when a user logs in, there are 2 authentication
> requests: 1 is POST and the other is GET. (Please refer to the attached image.)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
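
The kind of static check discussed in this thread, as an added example (not Kylin's code and not Fortify's actual rule): it flags any `<form>` that contains a password input and does not declare `method="post"`, since HTML treats a missing method as GET. The sample markup and the `doLogin()` handler name are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample page (not Kylin's login.html); doLogin() is a hypothetical handler.
SAMPLE = """<html><body>
<form name="login" onsubmit="return doLogin()">
  <input type="text" name="username">
  <input type="password" name="password">
</form>
<form action="/search"><input type="text" name="q"></form>
<form action="/login" method="POST">
  <input type="password" name="password">
</form>
</body></html>"""


class PasswordFormAudit(HTMLParser):
    """Flag <form> elements that hold a password field and would submit via GET."""

    def __init__(self):
        super().__init__()
        self._form = None    # form currently open, if any
        self.findings = []   # (line, effective_method) for each flagged form

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._finish_form()   # tolerate a previous form that was never closed
            m = (a.get("method") or "").strip().lower()
            # Per HTML, a missing or unrecognised method means GET.
            m = m if m in ("post", "dialog") else "get"
            self._form = {"line": self.getpos()[0], "method": m, "pw": False}
        elif tag == "input" and self._form is not None:
            if (a.get("type") or "").strip().lower() == "password":
                self._form["pw"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._finish_form()

    def _finish_form(self):
        f, self._form = self._form, None
        if f and f["pw"] and f["method"] == "get":
            self.findings.append((f["line"], f["method"]))


def audit(html):
    """Return [(line, method)] for password forms whose native submit is a GET."""
    p = PasswordFormAudit()
    p.feed(html)
    p.close()
    p._finish_form()   # form still open at end of input
    return p.findings
```

A finding means the browser's native submission of that form would put the password in the URL; a form whose submit is intercepted by script is still flagged, because only the markup is inspected.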