There is a note in the log4j.properties file that states that if you set Spring log settings to DEBUG then parameters will be logged.
http://developer.ja-sig.org/source/browse/jasig/cas3/webapp/WEB-INF/classes/log4j.properties?r=1.3 If AuthenticationViaForm also does that, then I'll add the same warning message in the log file for that. Velpi wrote: >Hi > >AuthenticationViaFormAction is logging passwords when set to DEBUG. It does >that >because it outputs the request parameters. >It's not really a problem, but it would be best to prevent this somehow in the >future if possible. In my opinion password mining should not be made easy, >even >for admins... > >-- Velpi >_______________________________________________ >cas-dev mailing list >[email protected] >http://tp.its.yale.edu/mailman/listinfo/cas-dev > > _______________________________________________ cas-dev mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas-dev
