Encoding an URL containing sensitive data

PlatinumX · 07-29-2008, 10:38 AM

Hi all,

We are using a web appliance at work to manage emails.
It allows through a web browser to read email, send email,....
However, on certain operations, it asks for the password again.
And...the password is sent in the URL (with a simple ROT13 protection) !

The problem is that you can find then these passwords in the log of the web proxy.

Myquestion: is there a way to set up a web proxy which "encodes", or hides URL or part of URL ?
So information are not appearing in the log files

Thanks

unSpawn · 07-29-2008, 10:50 AM

Couldn't you just put something in between that wraps appliance access in Stunnel?

PlatinumX · 07-30-2008, 01:43 AM

I just realising that I forgot HTTPS.
What about HTTPS ?

Are URL readeable in an HTTPS packet ?
Thanks

PS: i continued this topic in aother one with a more approriate title http://www.linuxquestions.org/questi...9/#post3230685

win32sux · 07-30-2008, 04:31 AM

Quote:

Originally Posted by PlatinumX

PS: i continued this topic in aother one with a more approriate title http://www.linuxquestions.org/questi...9/#post3230685

Please don't do that - let's keep the discussion in one place.