Use POST when submitting the login to prevent the login & password from

being logged in the HTTP server access log or the browser history.

diff --git a/src/cachemgr.cc b/src/cachemgr.cc
index 7d931635aa68e30fabb19205e1e599555ab5856f..2a340f24be0bace833e9505cda7149dd71c5a83f 100644 (file)
--- a/src/cachemgr.cc
+++ b/src/cachemgr.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: cachemgr.cc,v 1.100 2002/10/13 20:34:59 robertc Exp $
+ * $Id: cachemgr.cc,v 1.101 2002/11/15 13:10:18 hno Exp $
  *
  * DEBUG: section 0     CGI Cache Manager
  * AUTHOR: Duane Wessels
@@ -242,7 +242,7 @@ auth_html(const char *host, int port, const char *user_name)
     printf("<P>This is a WWW interface to the instrumentation interface\n");
     printf("for the Squid object cache.</P>\n");
     printf("<HR noshade size=\"1px\">\n");
-    printf("<FORM METHOD=\"GET\" ACTION=\"%s\">\n", script_name);
+    printf("<FORM METHOD=\"POST\" ACTION=\"%s\">\n", script_name);
     printf("<TABLE BORDER=\"0\" CELLPADDING=\"10\" CELLSPACING=\"1\">\n");
     printf("<TR><TH ALIGN=\"left\">Cache Host:</TH><TD><INPUT NAME=\"host\" ");
     printf("size=\"30\" VALUE=\"%s\"></TD></TR>\n", host);