0

I am using flask and want to create a url which is a post request and contains "username" and "password" as a string in url

@app.route('/login/<username>/<password>')
def login(username,password):
return password

My Url should look like this

http://192.158.42.102:8080/login/iamuser/iamuser##123

But the problem is that password is truncated to "iamuser##123" to "iamuser" , How can I pass the full passowrd as string.

@app.route('/login/<username>/<string:password>')

But still it is returning "iamuser" . Can anyone resolve this issue so that I could pass any string to the url. I do not want to use the form for posting the request

Madhav mishra
  • 313
  • 4
  • 20
  • If you can change the requirements, passwords should not be passed in the URL, but in an [Authentication header](https://stackoverflow.com/q/19514538/2745495) or in a [request form](https://stackoverflow.com/q/61966473/2745495). That way, in can still contain special characters and not conflict with URL special characters, such as `#`. – Gino Mempin May 29 '21 at 05:05
  • Does this answer your question? [How to send password to REST service securely?](https://stackoverflow.com/questions/19514538/how-to-send-password-to-rest-service-securely) (I know this isn't really answering the question, but I don't want to suggest other solutions that will let you pass password in the URL. The answer in that link is a much better way to go.) – Gino Mempin May 29 '21 at 05:08
  • 2
    Please note that it is **extremely dangerous** to include password (sensitive information) in request URL (path parameter, or query strings), as web-servers and proxies tend to log request URLs, which could leak sensitive user information. – Peter Lang May 29 '21 at 05:08
  • 2
    Do not put passwords or other secrets into the URL. It will be stored in the browser history and web log and possibly at other places as well. – Klaus D. May 29 '21 at 05:09
  • I guess he thinks to a hashed_password.. – poetyi Jul 06 '21 at 10:30

0 Answers0