I'm new to Xeoma and running it in a Docker container on a server. I configured Xeoma to set up the CCTV web server, which works fine, but I noticed the password is passed in the URL in plain text when logging in. There isn't any reason to do this (besides lazy development) and it's extremely insecure even over HTTPS.
Have I missed a setting or is this intended behaviour? If so (intended), please, Felenasoft, in the nicest way possible, hire someone who knows just about anything with regards to security over the web. With the password in the address bar, people's browser history, not to mention many other forms of attack, could be used to get into the CCTV system if the user isn't going out of their way to avoid falling into security holes you left in for no good reason (just use the normal basic encrypted HTTP POST REST call like everyone else).
I must say, seeing security software make a mistake I wouldn't expect a 1-year junior developer to make relating to security does not fill me with much confidence the software is secure.
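
Added example, not part of the original post and not Xeoma code: a password sent in the URL query string is also written to web server and reverse-proxy access logs, so a defender can scan those logs and redact it. The parameter names, request paths and log lines below are constructed assumptions; the post does not say which parameter Xeoma uses.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed credential parameter names (not taken from Xeoma documentation).
SENSITIVE = {"password", "pass", "passwd", "pwd"}

# Request line of a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

# Constructed sample log lines (documentation IP range, made-up credentials).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /?login=admin&password=hunter2 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /static/app.js HTTP/1.1" 200 1024',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "POST /login HTTP/1.1" 302 0',
]

def redact_target(target):
    """Return (redacted_target, names_of_sensitive_params_found)."""
    parts = urlsplit(target)
    found, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            found.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    if not found:
        return target, []  # leave clean requests byte-for-byte unchanged
    return urlunsplit(parts._replace(query=urlencode(pairs))), found

def scrub_line(line):
    """Redact credentials in the request line; return (new_line, hits)."""
    hits = []
    def fix(match):
        new_target, found = redact_target(match.group("target"))
        hits.extend(found)
        return '"%s %s %s"' % (match.group("method"), new_target, match.group("proto"))
    return REQUEST_RE.sub(fix, line), hits

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        scrubbed, hits = scrub_line(entry)
        flag = "CREDENTIAL-IN-URL" if hits else "ok"
        print(flag, scrubbed)
```

Only the first sample line is flagged; the POST login request carries no credential in its request line, so it passes through unchanged.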
