Security Hole with generate_auth_cookie
-
I believe there’s a big security hole with the generate_auth_cookie call since username and password should never be passed as arguments because anyone can sniff the traffic. Is there going to be a fix to accept HTTP POST request for username and password? I believe it’s much more secured when sites are using HTTP POST and SSL enabled. Thanks.
Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
- The topic ‘Security Hole with generate_auth_cookie’ is closed to new replies.