agea / Alfresco-HTML5-Client

Pure HTML5 and Javascript Alfresco client
MIT License
25 stars 10 forks

Username and password in cleartext in URL #7

ebogaard closed 11 years ago

ebogaard commented 11 years ago

When I check the requests made by the HTML5-Client, I can see it sends the username and password in clear text in the URL. Like this: https://user:password@url/alfresco/et cetera

As this is quite a bit of a security risk, is there some way to improve the way the HTML5-Client sends the login info?

ebogaard commented 11 years ago

Thanks for the update. It's much better (safer) now. Still, I see the user/pw combination once in plain text. Is this necessary to log in once in the Alfresco cmisbrowser, or is there a definitive solution?

agea commented 11 years ago

It's possible to use a POST request instead of a GET, but to obtain the ticket you have to log in with username and password. I think the only way to increase security is to use SSL.
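
The approach discussed in this thread (credentials sent once in a POST body over HTTPS to obtain a ticket, never in the URL), as an added example that is not part of the thread or the project's code. It assumes Alfresco's `/alfresco/service/api/login` web script and its JSON request and response shape; the host name is constructed.

```javascript
// Added example. Assumption: the server exposes Alfresco's login web script
// at this path; host names used with these functions are constructed.
const LOGIN_PATH = "/alfresco/service/api/login";

// Return the URL with any user:password@ userinfo removed, plus a flag
// saying whether credentials were present (useful when scrubbing logs).
function stripUrlCredentials(rawUrl) {
  const url = new URL(rawUrl);
  const hadCredentials = url.username !== "" || url.password !== "";
  url.username = "";
  url.password = "";
  return { url: url.toString(), hadCredentials };
}

// Build (but do not send) a login request that carries the credentials in
// the POST body. Refuses plain HTTP, where the body is readable on the wire.
function buildLoginRequest(baseUrl, username, password) {
  const { url, hadCredentials } = stripUrlCredentials(baseUrl);
  if (hadCredentials) throw new Error("credentials must not be embedded in the URL");
  const target = new URL(LOGIN_PATH, url);
  if (target.protocol !== "https:") throw new Error("login requires HTTPS");
  return {
    url: target.toString(),
    init: {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ username, password }),
    },
  };
}

// Extract the ticket from a login response: {"data":{"ticket":"TICKET_..."}}
function parseTicket(responseText) {
  const ticket = JSON.parse(responseText)?.data?.ticket;
  if (typeof ticket !== "string" || !ticket.startsWith("TICKET_")) {
    throw new Error("no ticket in login response");
  }
  return ticket;
}

// Usage in a browser or Node 18+ (not executed here):
//   const req = buildLoginRequest("https://alfresco.example", user, pw);
//   const ticket = parseTicket(await (await fetch(req.url, req.init)).text());
```

The ticket is itself a bearer credential, so the same care about URLs, logs and browser history applies to wherever it is sent afterwards.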