Encoding an URL containing sensitive data
Hi all,
We are using a web appliance at work to manage emails.
It allows through a web browser to read email, send email,....
However, on certain operations, it asks for the password again.
And...the password is sent in the URL (with a simple ROT13 protection) !
The problem is that you can find then these passwords in the log of the web proxy.
Myquestion: is there a way to set up a web proxy which "encodes", or hides URL or part of URL ?
So information are not appearing in the log files
Thanks
|