Yes, it's not ideal, see: https://issues.apache.org/jira/browse/GUACAMOLE-956
On Tue, Nov 30, 2021 at 8:02 AM Barak, Tal <[email protected]> wrote: > > Hello all, > > > > I understand that when using the REST API, after generating a token, I must > add it to any additional API call as query parameter. > > > > Is this the only way when calling REST APIs? Isn’t it possible to add it to > the body of the message (instead of adding it to the URL)? > Isn’t it a security risk? Anyone which will sniff the communication will able > to get the token this way, no? > What is the life span of a token? It is expired at some point? > Does the product support one-use-only tokens? > > > > Best regards, > > Tal Barak. > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
