Encoding an URL containing sensitive data
Hi all,
We are using a web appliance at work to manage emails. It allows through a web browser to read email, send email,.... However, on certain operations, it asks for the password again. And...the password is sent in the URL (with a simple ROT13 protection) ! The problem is that you can find then these passwords in the log of the web proxy. Myquestion: is there a way to set up a web proxy which "encodes", or hides URL or part of URL ? So information are not appearing in the log files Thanks |
Couldn't you just put something in between that wraps appliance access in Stunnel?
|
I just realising that I forgot HTTPS.
What about HTTPS ? Are URL readeable in an HTTPS packet ? Thanks PS: i continued this topic in aother one with a more approriate title http://www.linuxquestions.org/questi...9/#post3230685 |
Quote:
|
All times are GMT -5. The time now is 05:13 AM. |