[ http://jira.jboss.com/jira/browse/JBPORTAL-189?page=history ]
Julien Viet resolved JBPORTAL-189:
----------------------------------
Resolution: Done
Fix Version: 2.0 Beta
> password shown in plain text in URL
> -----------------------------------
>
> Key: JBPORTAL-189
> URL: http://jira.jboss.com/jira/browse/JBPORTAL-189
> Project: JBoss Portal
> Type: Bug
> Components: Portal Core
> Versions: 2.0 Alpha
> Reporter: James Dixon
> Assignee: Julien Viet
> Fix For: 2.0 Beta
>
>
> If you provide a wrong user id during login, you password is displayed in
> plain text on the URL of the next page.
> e.g. I have a typo in my user id, but provide the correct password. The URL
> of the next page is: Code:
> http://localhost:8080/portal/j_security_check?j_username=jdoeOOPS&j_password=wingnuts
>
>
> The login form is a 'post' but something somewhere must be doing a 'get'
> to result in this.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
JBoss-Development mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jboss-development
