Juan Hernandez has submitted this change and it was merged. Change subject: Don't send password using GET and query parameter ...................................................................... Don't send password using GET and query parameter Currently when the SDK requests the SSO token it does so using the HTTP GET method, and passing the user name and password as URL parameters. As a result this user name and password are likely stored in the web server access logs. To avoid that issue this patch changes the SDK so that it uses the HTTP POST will the user name and password in the request body. This change isn't compatible with the support for external SSO servers. As the engine doesn't support that at the moment this patch also removes it. It will be re-added in the future, when the engine supports it. Change-Id: I2d18ea2c91ec2ececaab1c6fb2e4da4e50005a4d Signed-off-by: Juan Hernandez <juan.hernandez@redhat.com> --- D sdk/examples/external_authentication.rb M sdk/lib/ovirtsdk4/http.rb M sdk/spec/spec_helper.rb 3 files changed, 194 insertions(+), 220 deletions(-) Approvals: Juan Hernandez: Verified; Looks good to me, approved Jenkins CI: Passed CI tests -- To view, visit https://gerrit.ovirt.org/62649 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I2d18ea2c91ec2ececaab1c6fb2e4da4e50005a4d Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine-sdk-ruby Gerrit-Branch: master Gerrit-Owner: Juan Hernandez <juan.hernandez@redhat.com> Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Juan Hernandez <juan.hernandez@redhat.com> Gerrit-Reviewer: gerrit-hooks <automation@ovirt.org>