As I was looking at log files yesterday I came across the following line:

2009-06-12 08:51:56,460 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Binding allowed request parameters in map['lt' -> '_c867CA912-466E-BBAE-EB94-E793532928A0_kC2CAEC2A-D940-9912-8EBA-3F93B9E1B586', 'service' -> 'http://localhost:8888/cornerstone-sso', '_eventId' -> 'submit', 'password' -> 'y3x3.m4f', 'submit' -> 'LOGIN', 'username' -> 'deanhe01'] to form object with name 'credentials', pre-bind formObject toString = [username: null]

Notice the bold. That's the password entered from the CAS login. Now, I do realize that I am running in debug mode and that you would not run a production server in debug, but do we have to have the password right there in plain text?
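Added example, not part of the original post and not CAS code: a Python filter that masks sensitive values in the parameter-binding DEBUG line quoted above, for use before log files are shared or archived. The key list, function names and sample lines are assumptions constructed for illustration.

```python
import re

# Parameter names whose values must not stay in a log (assumed list; extend as needed).
SENSITIVE_KEYS = frozenset({"password"})

MARKER = "Binding allowed request parameters in map["

# One "'key' -> 'value'" pair inside the map[...] dump. The value ends at the
# quote that is followed by the next pair or by the end of the map, so a
# password that itself contains a single quote is still consumed whole.
PAIR = re.compile(
    r"'(?P<key>[^']+)' -> '(?P<val>.*?)'(?=, '[^']+' -> '|\] to form object)"
)


def redact(line, keys=SENSITIVE_KEYS):
    """Return (clean_line, leaked_keys) for a single log line."""
    leaked = []
    if MARKER not in line:
        return line, leaked

    def mask(match):
        key = match.group("key")
        if key.lower() not in keys:
            return match.group(0)
        leaked.append(key)
        return "'%s' -> '[REDACTED]'" % key

    return PAIR.sub(mask, line), leaked


def scrub(lines, keys=SENSITIVE_KEYS):
    """Redact every line; return (clean_lines, [(line_number, key), ...])."""
    clean, findings = [], []
    for number, line in enumerate(lines, start=1):
        fixed, leaked = redact(line, keys)
        clean.append(fixed)
        findings.extend((number, key) for key in leaked)
    return clean, findings


# Constructed sample input in the same shape as the line in the post.
SAMPLE = [
    "2009-06-12 08:51:55,001 INFO [example.Logger] - login page rendered",
    "2009-06-12 08:51:56,460 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - "
    "Binding allowed request parameters in map['lt' -> '_cEXAMPLE', "
    "'password' -> 's3cr'et, x', 'submit' -> 'LOGIN', 'username' -> 'alice'] "
    "to form object with name 'credentials', pre-bind formObject toString = [username: null]",
]
```

The findings list doubles as a detection result: any non-empty result means a DEBUG-level binding line with a credential reached the file.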
