LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Encoding an URL containing sensitive data (https://www.linuxquestions.org/questions/linux-security-4/encoding-an-url-containing-sensitive-data-659029/)

PlatinumX 07-29-2008 10:38 AM
Encoding an URL containing sensitive data
 
Hi all,

We are using a web appliance at work to manage emails.
It allows through a web browser to read email, send email,....
However, on certain operations, it asks for the password again.
And...the password is sent in the URL (with a simple ROT13 protection) !

The problem is that you can find then these passwords in the log of the web proxy.

Myquestion: is there a way to set up a web proxy which "encodes", or hides URL or part of URL ?
So information are not appearing in the log files

Thanks

unSpawn 07-29-2008 10:50 AM
Couldn't you just put something in between that wraps appliance access in Stunnel?

PlatinumX 07-30-2008 01:43 AM
I just realising that I forgot HTTPS.
What about HTTPS ?

Are URL readeable in an HTTPS packet ?
Thanks

PS: i continued this topic in aother one with a more approriate title http://www.linuxquestions.org/questi...9/#post3230685

win32sux 07-30-2008 04:31 AM
Quote:
Originally Posted by PlatinumX (Post 3230602)
PS: i continued this topic in aother one with a more approriate title http://www.linuxquestions.org/questi...9/#post3230685
Please don't do that - let's keep the discussion in one place.


All times are GMT -5. The time now is 05:13 AM.