> I am accessing the cas login page through SSL but in Firefox/IE8 when I > submit the login page it shows the http header with plain password as
That's not a header, it's the body of an HTTP POST and is working as designed. I assume you got that either from a client proxy, request trace tool (e.g. firebug), or server request dump. In any of those cases, you're viewing the data either _before_ or _after_ transport encryption. The data is of course plain text to the endpoints of the SSL conversation; the purpose of SSL is to encrypt the data in transit to prevent interception by third parties outside the two communicating peers. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
