hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.qhelp

Browse Source 
Co-authored-by: Arthur Baars <aibaars@github.com>
This commit is contained in:
Alex Ford
2022-10-13 21:43:59 +01:00
committed by GitHub
parent 43fec9dfc8
commit 15cab6eed5
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.qhelp
View File

@@ -4,7 +4,7 @@
<p>
Sensitive information such as user passwords should not be transmitted within the query string of the requested URL.
Sensitive information within URLs may be logged in various locations, including the user's browser, the web server,
and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked
and any proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked
or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are
followed. Placing sensitive information into the URL therefore increases the risk that it will be captured by an attacker.
</p>