Cleartext submission of password

Hi,

I am using grafana 4.6.3 and nginx 1.14.x.

While testing grafana it show cleartext submission of password during login.
What to know how to protect that.

Regards

Nitendra

Use https/ssl like you would do in any other web application

Hi,

Thanks for your response. We have done that.
What we are looking for is say my password is abc!efg
If I intercept browser session information, I get password = abc!efg in grafana, while if we use say enterprise product and intercept it session , we would get password= abc%21efg
In this way it is prevent sensitive information being captured at client side.

We are looking at how to do that. In grafana I was not able to find enforce complex password policy like combination characters, numerals and special characters. Do you know where to find that.

Regards

Nitendra

In what way does this prevent sensitive information being captured at client side? It’s basically url encoded value vs not url encoded.

You can’t do that in Grafana, but I would suggest you use 3rd party oauth or ldap authentication to enforce these kinds of requirements.

Marcus

Thanks we will integrate grafana with ldap server…