I have seen that the username and password for Zenoss get logged in the Zope logfile Z2.log. See the example with __ac_password=zenoss below:

10.164.5.19 - Anonymous [01/Sep/2008:15:49:16 +0200] "GET /zport/acl_users/cookieAuthHelper/login?came_from=http://stnag01.vpnvbs2.admin.ch:8080/zport/dmd&submitted=true&__ac_name=admin&__ac_password=zenoss&submit= HTTP/1.1" 302 374 "http://localhost:8080/zport/acl_users/cookieAuthHelper/login_form

This looks like a security hole, especially with Zenoss connected to LDAP. This behavior is ugly.
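A check for the pattern reported above, as an added example that is not part of the original post: it scans Z2.log-style access lines for `__ac_password` in any query string (request or Referer field), reports which lines leak it, and masks the value. The sample lines, host names and password value are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote_plus

# Query parameters treated as secrets. __ac_password is the one seen in the
# post; extending the set for other deployments is an assumption.
SENSITIVE_PARAMS = {"__ac_password"}
MASK = "[REDACTED]"

# Matches name=value pairs that follow '?' or '&' anywhere in the line, so both
# the request target and the Referer field are covered.
PARAM_RE = re.compile(r'(?P<pre>[?&])(?P<name>[^=&\s"]+)=(?P<value>[^&\s"]*)')

def redact_line(line):
    """Return (redacted_line, leaked_param_names) for one access-log line."""
    leaked = []
    def repl(m):
        # Decode the name so percent-encoded variants are caught as well.
        name = unquote_plus(m.group("name"))
        if name in SENSITIVE_PARAMS and m.group("value"):
            leaked.append(name)
            return m.group("pre") + m.group("name") + "=" + MASK
        return m.group(0)
    return PARAM_RE.sub(repl, line), leaked

def scan(lines):
    """Return (line_number, client_ip, leaked_names, redacted_line) per leaking line."""
    findings = []
    for number, line in enumerate(lines, 1):
        redacted, leaked = redact_line(line)
        if leaked:
            findings.append((number, line.split(" ", 1)[0], leaked, redacted))
    return findings

# Constructed sample lines in the same layout as the Z2.log entry in the post.
SAMPLE = [
    '192.0.2.10 - Anonymous [01/Sep/2008:15:49:16 +0200] "GET /zport/acl_users/'
    'cookieAuthHelper/login?came_from=http://zenoss.example:8080/zport/dmd'
    '&submitted=true&__ac_name=admin&__ac_password=s3cret&submit= HTTP/1.1" 302 374 '
    '"http://zenoss.example:8080/zport/acl_users/cookieAuthHelper/login_form" "-"',
    '192.0.2.11 - admin [01/Sep/2008:15:50:02 +0200] "GET /zport/dmd/Devices '
    'HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for number, client, names, redacted in scan(SAMPLE):
        print(f"line {number} from {client} leaks {names}")
        print(redacted)
```

Any password found this way should be treated as exposed to everyone who can read the log file or its backups.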
