-
Change Request
-
Resolution: Unresolved
-
Trivial
-
None
-
2.0.18, 2.2.14, 3.0.4
-
None
In zabbix frontend code we use "$_REQUEST" PHP global variable which contains data provided by both HTTP methods - POST and GET. Which provides possibility to login with url
zabbix/index.php?request=&name=login&password=passw0rd&autologin=1&enter=Sign+in
Yes, it provides some flexibility if someone really needs to login using GET method, for example from a custom web page etc.
But for other people the GET method availability may be considered as a security issue and they would want to disable it, preferably through some configuration parameter.