Juan Hernandez has submitted this change and it was merged.
Change subject: Don't send password using GET and query parameter
......................................................................
Don't send password using GET and query parameter
Currently when the SDK requests the SSO token it does so using the HTTP
GET method, and passing the user name and password as URL parameters. As
a result this user name and password are likely stored in the web server
access logs. To avoid that issue this patch changes the SDK so that it
uses the HTTP POST will the user name and password in the request body.
This change isn't compatible with the support for external SSO servers.
As the engine doesn't support that at the moment this patch also removes
it. It will be re-added in the future, when the engine supports it.
Change-Id: I2d18ea2c91ec2ececaab1c6fb2e4da4e50005a4d
Signed-off-by: Juan Hernandez <juan.hernandez(a)redhat.com>
---
D sdk/examples/external_authentication.rb
M sdk/lib/ovirtsdk4/http.rb
M sdk/spec/spec_helper.rb
3 files changed, 194 insertions(+), 220 deletions(-)
Approvals:
Juan Hernandez: Verified; Looks good to me, approved
Jenkins CI: Passed CI tests
--
To view, visit
https://gerrit.ovirt.org/62649
To unsubscribe, visit
https://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I2d18ea2c91ec2ececaab1c6fb2e4da4e50005a4d
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine-sdk-ruby
Gerrit-Branch: master
Gerrit-Owner: Juan Hernandez <juan.hernandez(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Juan Hernandez <juan.hernandez(a)redhat.com>
Gerrit-Reviewer: gerrit-hooks <automation(a)ovirt.org>