password shown in plain text in URL
-----------------------------------
Key: JBPORTAL-189
URL: http://jira.jboss.com/jira/browse/JBPORTAL-189
Project: JBoss Portal
Type: Bug
Components: Portal Core
Versions: 2.0 Alpha
Reporter: James Dixon
Assigned to: Julien Viet
If you provide a wrong user id during login, you password is displayed in plain
text on the URL of the next page.
e.g. I have a typo in my user id, but provide the correct password. The URL of
the next page is: Code:
http://localhost:8080/portal/j_security_check?j_username=jdoeOOPS&j_password=wingnuts
The login form is a 'post' but something somewhere must be doing a 'get'
to result in this.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
JBoss-Development mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jboss-development
