Re: [Repoze-dev] [Repoze-checkins] r4659 - repoze.zope2/trunk/repoze/zope2

2009-05-12 Thread Tres Seaver
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hanno Schlichting wrote: Removed _filterPasswordFields hack, preventing keys with the exact key 'passw' to be filtered out in one place is just obscurity. But you didn't de-obfuscate it, you ripped it out. Now, the response view shows

Re: [Repoze-dev] [Repoze-checkins] r4659 - repoze.zope2/trunk/repoze/zope2

2009-05-12 Thread Malthe Borch
2009/5/12 Tres Seaver tsea...@palladion.com: The server side wouldn't know that:  the presence of such a field in the request is completely independent of any form (e.g., cookies passed long after logging in). I understand the issue, but shouldn't the remedy be to avoid ever displaying request