XenForo
Administrative
- Thread starter
- Admin
- #1
The Auth API endpoint requires the sensitive info such as username and password, session id, and cookie to be passed as query parameters.
Request URLs get logged in server access logs, which record these credentials plain text into logs that may not even be in the hands of the forum owner.
This is a security concern and data processing issue.
As a solution, the Auth API endpoint should either require to...
Read more
ادامه مطلب...
Request URLs get logged in server access logs, which record these credentials plain text into logs that may not even be in the hands of the forum owner.
This is a security concern and data processing issue.
As a solution, the Auth API endpoint should either require to...
Read more
ادامه مطلب...