Credentials for login are passed over HTTP even if HTTPS is enabled #676

Closed
ShubhamGupta29 opened this issue Apr 9, 2020 · 0 comments · May be fixed by #675
@ShubhamGupta29
Contributor

There is a login feature available for AutoTuning purposes. The issue is that if a user reaches this Login page from the non-secure endpoints of Dr.Elephant, or is referred by some third party (like Azkaban) via a non-secure Dr.Elephant link/URL, then the Login page will also be non-secured, and forwarding of the login credentials to the backend is a security risk.

Internal Issue Tracking: PWN-19630

@ShubhamGupta29 ShubhamGupta29 self-assigned this Apr 9, 2020
@ShubhamGupta29 ShubhamGupta29 added the security Any issue related to security of the user or service label Apr 9, 2020