AnsweredAssumed Answered

proxy page, tokens, error 498, password/username visible

Question asked by katroyer on Aug 28, 2014
Latest reply on Oct 4, 2018 by krefftc

I'm using the php proxy page from here: resource-proxy/PHP at master · Esri/resource-proxy · GitHub

It appears to work perfect however when I run it using firebug in firefox I can see my username and password for my secure service in both the response and the parameters.  I can repeat this both within my network and without, and I am using https (unsigned).

 

log file shows:

08-28-14 15:54:42 | GET detected

08-28-14 15:54:42 | Using session token

08-28-14 15:54:42 | Authorization failed : {"error":{"code":498,"message":"Invalid Token","details":[]}}

08-28-14 15:54:42 | Retry attempt 1 of 3

08-28-14 15:54:42 | Resource using ArcGIS Server security

08-28-14 15:54:42 | Got token endpoint

08-28-14 15:54:42 | Adding token to session

08-28-14 15:54:42 | Using session token

08-28-14 15:54:42 | Ok to proxy

08-28-14 15:54:42 | Proxy complete

 

Just not sure what I've done.  If I hadn't run firebug I would not have even noticed that my username/password is visible.

Outcomes