Expose License Key at rtmedia.io #2036

Open
MiteshShah opened this issue Jan 10, 2024 · 8 comments

@MiteshShah
Member

MiteshShah commented Jan 10, 2024

```
104.198.7.79 BYPASS [10/Jan/2024:08:43:28 +0000] rtmedia.io "GET /?edd_action=activate_license&license=XXXXXXXXXXXXXXXXX&item_name=rtMedia%20Docs%20and%20Other%20files&url=https://www.inblf.com HTTP/1.1" 200 134 "-" "WordPress/6.4.2; https://example.com"0.254 0.255
104.236.212.59 BYPASS [10/Jan/2024:08:44:12 +0000] rtmedia.io "GET /rt-eddsl-api?rt-eddsl-license-key=XXXXXXXXXXXXXXX HTTP/1.1" 200 330 "-" "GuzzleHttp/7"0.464 0.464
```

Sending sensitive information (API or License key) in query parameters is generally not recommended for security reasons. URLs are often logged in various places, such as browser history, server logs, and can be exposed in shared links, posing a security risk.

@gagan0123
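
A scan for this exposure over access logs, as an added example that is not part of the original issue or the rtMedia code base: it flags requests carrying the `license` or `rt-eddsl-license-key` query parameters seen in the excerpt above and masks their values. The sample lines, addresses and key values are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Query parameters that carry a key in the requests quoted in this issue.
SENSITIVE_PARAMS = {"license", "rt-eddsl-license-key"}

# Pulls the request target out of an access-log line: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Matches "?name=value" or "&name=value" for the sensitive names only.
VALUE_RE = re.compile(
    r"(?P<prefix>[?&](?:%s)=)[^&\s\"]*"
    % "|".join(map(re.escape, sorted(SENSITIVE_PARAMS)))
)


def exposed_params(line):
    """Return sorted names of sensitive query parameters present in one log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    query = urlsplit(match.group("target")).query
    names = {name for name, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(names & SENSITIVE_PARAMS)


def redact(line):
    """Mask the value of every sensitive parameter, leaving the rest of the line intact."""
    return VALUE_RE.sub(lambda m: m.group("prefix") + "[REDACTED]", line)


# Constructed sample lines modelled on the log excerpt above;
# addresses (documentation ranges) and key values are made up.
SAMPLE_LOG = [
    '192.0.2.10 BYPASS [10/Jan/2024:08:43:28 +0000] rtmedia.io "GET /?edd_action=activate_license&license=CONSTRUCTEDKEY1&item_name=Example&url=https://site.example HTTP/1.1" 200 134 "-" "WordPress/6.4.2; https://site.example" 0.254 0.255',
    '198.51.100.7 BYPASS [10/Jan/2024:08:44:12 +0000] rtmedia.io "GET /rt-eddsl-api?rt-eddsl-license-key=CONSTRUCTEDKEY2 HTTP/1.1" 200 330 "-" "GuzzleHttp/7" 0.464 0.464',
    '203.0.113.5 BYPASS [10/Jan/2024:08:45:00 +0000] rtmedia.io "GET /docs/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 0.101 0.101',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        hits = exposed_params(entry)
        if hits:
            print("key in URL via", hits)
            print("  ", redact(entry))
```
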

@Utsav-Ladani
Collaborator

Hi @MiteshShah

This issue is resolved with this PR. We will add it in the next release.

Thanks

CC: @gagan0123

@pavanpatil1 pavanpatil1 added this to the v4.6.18 milestone Jan 12, 2024
@MiteshShah
Member Author

@Utsav-Ladani I can see the PR is merged already.
Do we close this issue if we released a fix already?

@Utsav-Ladani
Collaborator

@MiteshShah, the fix has been added in the pre-release branch but has yet to be released.

It is added in milestone v4.6.18. So, we have to keep this PR open until milestone v4.6.18 is released. Will let you know once the plugin is released.

@pavanpatil1
Collaborator

It is fixed, hence closing this issue.

@MiteshShah
Member Author

@pavanpatil1 I can still see the license keys in the logs as of 4th Nov 2024.
cc: @radhe

@MiteshShah MiteshShah reopened this Nov 4, 2024
@krishana7911
Contributor

Hi @MiteshShah, can you please share recent logs for reference regarding the issue?

@MiteshShah
Member Author

@nitun
Contributor

nitun commented Nov 29, 2024

@krishana7911 please look into this. It's an important task.
