Werk #16223: Deprecate automation user login via HTTP parameters
| Komponente | Setup | ||
| Titel | Deprecate automation user login via HTTP parameters | ||
| Datum | 19.11.2023 | ||
| Level | Kleine Änderung | ||
| Klasse | Neues Feature | ||
| Kompatibilität | Kompatibel - benötigt kein manuelles Eingreifen | ||
| Checkmk versions & editions |
|
Checkmk offers a method to authenticate individual requests with the _username/_secret parameter.
This also works for GET requests and was used for the Webapi (removed in 2.2).
Having secrets in GET parameters is considered bad practice since these parameters are usually logged by webservers and web proxies.
With this Werk we deprecate this authentication method. This means we now introduced a configuration option Enable automation user authentication via HTTP parameters to enable/disable this method. By default it is enabled to not interrupt existing workflows. In Checkmk 2.4 we will disable this by default so it will still be possible to enable this. In Checkmk 2.5 this method will be removed entirely.
If you currently use this method we recommend to switch to Basic Authentication.