...

1) Sensitive information in requests should never be sent using query parameters. URLs, including any query parameters that carry sensitive values, are frequently saved in many places downstream (e.g., browser cache, proxy servers, etc.). Existing APIs such as addBaremetalDhcp, addBaremetalHost, addBaremetalPxeKickStartServer, addBaremetalPxePingServer, addCiscoVnmcResource, addCluster, addExternalFirewall, addExternalLoadBalancer, addF5LoadBalancer, addHost, addImageStore, addNetscalarLoadBalancer, addNiciraNvpDevice, addPaloAltoFirewall, addS3, addSRXFirewall, addStratosphereSsp, addUcsManager, addVmwareDc, addVpnUser, createAccount, createUser, createVolumeOnFiler, login, updateCloudToUseObjectStore, updateHostPassword, updateUser, uploadCustomCertificate, uploadSslCert and such should probably require that their request parameters be sent in an HTTP POST body.
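To find where this is already happening, the access-log audit below flags request lines whose URL carries a secret-bearing parameter and emits a redacted copy of the target. It is an added example, not project code. The `/client/api` path, the `command` parameter, the secret parameter names and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# Subset of the commands named above, lower-cased for matching.
LISTED_COMMANDS = {c.lower() for c in (
    "login", "createUser", "updateUser", "createAccount", "addHost",
    "addVpnUser", "updateHostPassword", "uploadSslCert", "addS3")}
# Assumed names of secret-bearing parameters (not taken from the page).
SECRET_PARAMS = {"password", "secretkey", "privatekey"}

# Constructed access-log lines (documentation IP range, made-up values).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /client/api?command=login&username=admin&password=hunter2&response=json HTTP/1.1" 200 512
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "POST /client/api HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2024:10:01:00 +0000] "GET /client/api?command=listZones&response=json HTTP/1.1" 200 2048
192.0.2.12 - - [01/Jan/2024:10:02:00 +0000] "POST /client/api?command=addHost&username=root&password=s3cr%26t&zoneid=1 HTTP/1.1" 200 300
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def audit_line(line):
    """Return a finding if the logged request carries a secret in its URL."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    parts = urlsplit(match["target"])
    params = parse_qsl(parts.query, keep_blank_values=True)
    leaked = sorted({k for k, _ in params if k.lower() in SECRET_PARAMS})
    if not leaked:
        return None  # body-only POSTs and secret-free queries are fine
    command = next((v for k, v in params if k.lower() == "command"), "")
    redacted = urlencode([(k, "REDACTED" if k.lower() in SECRET_PARAMS else v)
                          for k, v in params])
    return {"method": match["method"], "command": command,
            "listed": command.lower() in LISTED_COMMANDS,
            "leaked_params": leaked,
            "redacted_target": f"{parts.path}?{redacted}"}


def audit(log_text):
    """Audit every line of an access log and return the findings."""
    return [f for f in map(audit_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

The fourth sample line is flagged even though it is a POST: the method alone does not help while the parameters still travel in the URL.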

...