AnsweredAssumed Answered

How to secure the login API

Question asked by hiten.rastogi on May 21, 2018
Latest reply on May 21, 2018 by afaust

Hi All,

 

During the security test of our instance our security expert asked us to secure the login API 

http://www.myserver.com:8080/alfresco/service/api/login?u=me&pw=mypassword

 

as it send the username and password as it is and can be used by attacker to forge the request login if the admin password is known.

 

Can anyone tell me how we can secure this API or in my case I can disable it also.

 

 

Thanks

Hiten Rastogi

Outcomes