Problem while performing Quick Ship Entire Order

> Hello All,
>
> I am working on latest OFBiz rev. After creating Sales order when i  
> try to "Quick Ship Entire Order" in order to proceed further and  
> create Return an Error occurs in ServiceEventHandler.java
> Found URL parameter [orderId] passed to secure (https) request-map  
> with uri [quickShipOrder] with an event that calls service  
> [quickShipEntireOrder]; this is not allowed for security reasons!  
> The data should be encrypted by making it part of the request body  
> instead of the request URL.
> There has been a recent commit in ServiceEventHandler.java and David  
> is expecting questions/comments after this, so here is my bit :-)
>
> Thanks & Regards
> - -
> Deepesh

>
> Yes, I did expect questions about this, but not so much from
> developers...
>
> To fix this the link needs to be changed into a form so that the
> parameters are encrypted (more secure from snooping, spoofing, etc).
>
> There has been significant discussion around this point, and changes
> made in various places to fix this, so there are quite a few examples.
>
> Is that something you are working on?
>
> -David
>
>
> On Mar 23, 2009, at 12:37 AM, Deepesh Kapoor wrote:
>
>> Hello All,
>>
>> I am working on latest OFBiz rev. After creating Sales order when i
>> try to "Quick Ship Entire Order" in order to proceed further and
>> create Return an Error occurs in ServiceEventHandler.java
>> Found URL parameter [orderId] passed to secure (https) request-map
>> with uri [quickShipOrder] with an event that calls service
>> [quickShipEntireOrder]; this is not allowed for security reasons! The
>> data should be encrypted by making it part of the request body
>> instead of the request URL.
>> There has been a recent commit in ServiceEventHandler.java and David
>> is expecting questions/comments after this, so here is my bit :-)
>>
>> Thanks & Regards
>> - -
>> Deepesh
>

> Thanks for the reply David, yes my present work concerns with return
> created for the order. I will take the reference from the changes made
> earlier to fix this.
> -
> Deepesh
>
> David E Jones wrote:
>>
>> Yes, I did expect questions about this, but not so much from
>> developers...
>>
>> To fix this the link needs to be changed into a form so that the
>> parameters are encrypted (more secure from snooping, spoofing, etc).
>>
>> There has been significant discussion around this point, and changes
>> made in various places to fix this, so there are quite a few examples.
>>
>> Is that something you are working on?
>>
>> -David
>>
>>
>> On Mar 23, 2009, at 12:37 AM, Deepesh Kapoor wrote:
>>
>>> Hello All,
>>>
>>> I am working on latest OFBiz rev. After creating Sales order when i
>>> try to "Quick Ship Entire Order" in order to proceed further and
>>> create Return an Error occurs in ServiceEventHandler.java
>>> Found URL parameter [orderId] passed to secure (https) request-map
>>> with uri [quickShipOrder] with an event that calls service
>>> [quickShipEntireOrder]; this is not allowed for security reasons!
>>> The data should be encrypted by making it part of the request body
>>> instead of the request URL.
>>> There has been a recent commit in ServiceEventHandler.java and David
>>> is expecting questions/comments after this, so here is my bit :-)
>>>
>>> Thanks & Regards
>>> - -
>>> Deepesh
>>
>