
We have an application running on MarkLogic. The code sends a GET request. When there is an error, the entire GET request, along with the credentials, is displayed in the error message. What is the best practice to avoid this? Does MarkLogic have a way to encrypt authentication details?

var response = xdmp.httpGet(
  url,{"authentication": authentication}).toArray();

The variable authentication contains the username and password. How can I encrypt it?

Mads Hansen
  • 1
    MarkLogic supports multiple authentication methods. You should probably make sure you are using one of the secure methods first, and not pass username/password as part of the GET: https://stackoverflow.com/questions/26671599/are-security-concerns-sending-a-password-using-a-get-request-over-https-valid – Mike Gardner Jun 27 '19 at 20:45
  • 2
    Contents of the variable are only shown if the url is bad or such. Otherwise, you get a normal return value from httpGet, just with a 401 reply. I agree with Michael though, better use POST, and preferably https as well at the very least. Also, try to avoid putting auth details in variables if possible. – grtjn Jun 28 '19 at 09:52
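
One way to keep the credentials out of the error path described in the question, as an added example that is not part of the original question or its comments: wrap the call, catch the failure, and rethrow an error whose message has the credential values scrubbed. The names `redactSecrets`, `safeHttpGet`, `failingHttpGet` and `demo` are hypothetical, and the `username`/`password` fields on the authentication object and the error message format are assumptions.

```javascript
// Added example: redact credentials from errors raised by an HTTP GET helper.
// `httpGet` is injected so this also runs outside MarkLogic (assumption);
// inside MarkLogic the caller would pass xdmp.httpGet.

// Replace every occurrence of each secret (raw, URL-encoded, JSON-escaped).
function redactSecrets(text, secrets) {
  let out = String(text);
  for (const s of secrets) {
    if (typeof s !== "string" || s.length === 0) continue;
    const variants = [s, encodeURIComponent(s), JSON.stringify(s).slice(1, -1)];
    // Longest first, so a longer encoded form is never left half-replaced.
    variants.sort((a, b) => b.length - a.length);
    for (const v of variants) out = out.split(v).join("[REDACTED]");
  }
  return out;
}

// Same call as in the question, but failures surface only a scrubbed message.
function safeHttpGet(httpGet, url, authentication) {
  try {
    return httpGet(url, { authentication: authentication }).toArray();
  } catch (err) {
    const secrets = [authentication.username, authentication.password];
    const message = err && err.message ? err.message : String(err);
    // Build a fresh error; the original (with the secrets) is not attached.
    const clean = new Error(redactSecrets(message, secrets));
    clean.name = "HttpGetFailed";
    throw clean;
  }
}

// Constructed stand-in for a failing call: the message format is made up and
// only mimics the behaviour in the question (request options echoed back).
function failingHttpGet(url, options) {
  throw new Error("GET " + url + " failed, options: " + JSON.stringify(options));
}

// Constructed credentials; returns the message a caller or log would see.
function demo() {
  const auth = { method: "digest", username: "svc-reader", password: 'S3cr"et p@ss' };
  try {
    safeHttpGet(failingHttpGet, "http://bad host/", auth);
  } catch (e) {
    return e.message;
  }
  return null;
}
```

Redaction only covers the encodings listed in `redactSecrets`; any other derived form, such as a Base64 `Authorization` header value, would need its own variant.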

0 Answers