Nginx logs passwords in POST requests


Nginx + Passenger with the default log settings. For some reason, the logs store data like this:

[24/Feb/2012:10:07:59 +0000] "POST /users/authenticate.xml?login=korjik&owner_id=1&password=password HTTP/1.1"

I searched Google for a way to get rid of it. What would you recommend?
October 8th 19 at 02:59
3 answers
October 8th 19 at 03:01
Obviously because the password was passed not in the POST body but as URI arguments.
October 8th 19 at 03:03
It is better to pass hashed passwords, even with the salt inside.
What is the point of the hash, then, if you need to log the user in? And if you simply compare the hash received from the client, what is the point of hashing if the hash will act as a plaintext password? - aniya.Kertzmann65 commented on October 8th 19 at 03:06
The person is right. Along with the login form, the server passes the "salt", a random string; JS in the browser takes a hash of password+salt and sends it to the server, where the server validates it against its own password + salt (which it must remember, say, in the session). Thus the password is never transmitted in the clear. - Velva_Wym commented on October 8th 19 at 03:09
Can you suggest a good and easy solution for MD5 hashing in the browser, so as not to reinvent the wheel? - abdullah.Moor commented on October 8th 19 at 03:12
October 8th 19 at 03:05
Is disabling logging an option?

Or maybe changing the log format would work?
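
The log-format change suggested above, as an added example that is not part of the original thread: the built-in `combined` format logs `$request`, the raw request line including the query string, so a custom format that rebuilds the line without arguments keeps `login=...&password=...` out of the access log. The names `path_only` and `noargs` and the log path are assumptions for this example.

```nginx
# Added example; place in the http {} context.
# "path_only", "noargs" and the log path are made-up names for illustration.

# For reference, the predefined "combined" format is:
#   log_format combined '$remote_addr - $remote_user [$time_local] '
#                       '"$request" $status $body_bytes_sent '
#                       '"$http_referer" "$http_user_agent"';
# $request is the full original request line, query string included.

# Take the original request URI and keep only the part before "?".
# $request_uri is used instead of $uri because $uri is the normalized
# URI and changes after internal rewrites.
map $request_uri $path_only {
    "~^(?<p>[^?]*)"  $p;
}

# Same fields as "combined", but the request line is rebuilt from
# method + path + protocol, so no query arguments are written.
# $http_referer is left out because a Referer header can carry a
# previous URL's query string as well.
log_format noargs '$remote_addr - $remote_user [$time_local] '
                  '"$request_method $path_only $server_protocol" '
                  '$status $body_bytes_sent "$http_user_agent"';

access_log /var/log/nginx/access.log noargs;
```

This only changes what the access log records from now on; lines already written still contain the credentials.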

