GET request for password validation in user registration integration
3 years 1 month ago #141935
by Chris Wong
GET request for password validation in user registration integration was created by Chris Wong
I've enabled the user Registration Integration in the settings. During a PCI compliance scan, it noticed that the password field validation was using an ajax GET request. While it's encrypted with https, since it's a GET request, the password parameter could be logged in the log files.
I could have missed it, but I don't see a way to disable the password validation in the configuration. The more permanent solution should be to change the password validation to a POST request. Another option is simply to disable the user registration integration, but that's something we'd prefer to have.
3 years 1 month ago #141936
by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic GET request for password validation in user registration integration
Hello Chris
We rely on a validation engine for data validation, so we could not change the request to POST for now. So if you want, you can only disable password validation. Edit the code in the file components/com_osmembership/view/register/tmpl/default_form.php, change this line of code:
Code:
$passwordValidationRules .= ',ajax[ajaxValidatePassword]]';
to
Code:
$passwordValidationRules .= ']';
Please note that once the modification is done, you should move this modified file to PATH_TO_TEMPLATE/html/com_osmembership/register folder so that the change won't be lost when you update.
Hope this helps
Tuan
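The concern in this thread is that a password sent as a GET parameter ends up in web-server access logs. As an added example (not part of the original posts and not Joomdonation code), the Python script below audits access-log lines in Common/Combined Log Format for password parameters in the request URL and produces redacted copies; the parameter names, URLs and sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Parameter names treated as secrets. These are assumptions; set them to the
# field names your registration form actually submits.
SENSITIVE = {"password", "password1", "password2", "passwd", "pwd"}

# Request line inside a Common/Combined Log Format entry: "METHOD target HTTP/x"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def audit_line(line):
    """Return (finding, redacted_line); finding is None when the line is clean."""
    m = REQUEST_RE.search(line)
    if not m:
        return None, line
    parts = urlsplit(m.group("target"))
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    hits = [k for k, _ in pairs if k.lower() in SENSITIVE]
    if not hits:
        return None, line
    # Re-encode the query with secret values masked (other values are re-encoded too).
    safe_query = urlencode([(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs])
    redacted = line[:m.start("target")] + parts._replace(query=safe_query).geturl() + line[m.end("target"):]
    return {"method": m.group("method"), "path": parts.path, "params": hits}, redacted


def audit(lines):
    """Audit an iterable of log lines; return (findings, redacted_lines)."""
    findings, out = [], []
    for line in lines:
        finding, redacted = audit_line(line)
        if finding:
            findings.append(finding)
        out.append(redacted)
    return findings, out


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?option=com_example&task=validate&password=Tr0ub4dor%263 HTTP/1.1" 200 17',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "POST /index.php?option=com_example&task=register HTTP/1.1" 303 0',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /images/logo.png HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    findings, redacted = audit(SAMPLE_LOG)
    for f in findings:
        print("password in URL:", f)
    print("\n".join(redacted))
```

Any hit in existing logs means those log files hold plaintext passwords and should be handled accordingly; access logs are not the only place URLs are recorded (proxies and browser history also keep them).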
3 years 1 month ago #141937
by Chris Wong
Replied by Chris Wong on topic GET request for password validation in user registration integration
Thanks. That worked.
3 years 1 month ago #141939
by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic GET request for password validation in user registration integration
Great. Thanks for confirming
Tuan
Copyright © 2024 Joomla Extensions by Joomdonation. All Rights Reserved.
joomdonation.com is not affiliated with or endorsed by the Joomla! Project or Open Source Matters.
The Joomla! name and logo is used under a limited license granted by Open Source Matters the trademark holder in the United States and other countries.