LinuxQuestions.org
Have you heard the LinuxQuestions.org Podcast?
Go Back   LinuxQuestions.org > Forums > Linux > Linux - Security
Reload this Page Encoding an URL containing sensitive data
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Thread Tools
Old 07-29-2008, 11:38 AM   #1
PlatinumX
Member
 
Registered: May 2008
Location: France
Distribution: Debian / Fedora / Gentoo
Posts: 128
Thanked: 0
Question Encoding an URL containing sensitive data

[Log in to get rid of this advertisement]
Hi all,

We are using a web appliance at work to manage emails.
It allows through a web browser to read email, send email,....
However, on certain operations, it asks for the password again.
And...the password is sent in the URL (with a simple ROT13 protection) !

The problem is that you can find then these passwords in the log of the web proxy.

Myquestion: is there a way to set up a web proxy which "encodes", or hides URL or part of URL ?
So information are not appearing in the log files

Thanks
PlatinumX is offline     Reply With Quote
Old 07-29-2008, 11:50 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 16,716
Blog Entries: 30
Thanked: 283
Couldn't you just put something in between that wraps appliance access in Stunnel?
unSpawn is offline     Reply With Quote
Old 07-30-2008, 02:43 AM   #3
PlatinumX
Member
 
Registered: May 2008
Location: France
Distribution: Debian / Fedora / Gentoo
Posts: 128
Thanked: 0

Original Poster
I just realising that I forgot HTTPS.
What about HTTPS ?

Are URL readeable in an HTTPS packet ?
Thanks

PS: i continued this topic in aother one with a more approriate title http://www.linuxquestions.org/questi...9/#post3230685
Last edited by PlatinumX; 07-30-2008 at 04:37 AM..
PlatinumX is offline     Reply With Quote
Old 07-30-2008, 05:31 AM   #4
win32sux
Moderator
 
Registered: Jul 2003
Distribution: Ubuntu 8.10
Posts: 8,603
Thanked: 106
Quote:
Originally Posted by PlatinumX View Post
PS: i continued this topic in aother one with a more approriate title http://www.linuxquestions.org/questi...9/#post3230685
Please don't do that - let's keep the discussion in one place.
Last edited by win32sux; 07-30-2008 at 05:47 AM..
win32sux is offline     Reply With Quote

Reply

Bookmarks


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Encoding ( ) in a url with perl Elguapo Programming 2 05-06-2008 02:43 PM
LXer: Six steps to secure sensitive data in MySQL LXer Syndicated Linux News 0 08-05-2006 06:03 PM
URL-Encoding on the command line? MikeyCarter Linux - Software 2 09-27-2005 09:10 AM
url encoding doesn't work fine with PHP markus1982 Programming 0 08-30-2003 03:04 AM
URL Encoding kud0ze Programming 2 12-11-2001 01:38 PM


All times are GMT -5. The time now is 05:13 AM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap - LinuxQuestions.org - Linux Forums
Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
RSS2  LQ Podcast
RSS2  LQ Radio
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration