Hi, I have found out that stripes logs the values(also values from stipes-password-tag) as plain text, when the Validation-annotation is used with the required-param. 2009-04-14 17:13:08,246 DEBUG [http-8080-Processor25] (Log.java:183) - Checking required field: password, with values: [secret]
I think this is a security hole, therefore I wrote my own ActionBeanPropertyBinder and removed the logging of the value. But isn't it a generally problem, which should be fixed in the DefaultActionBeanPropertyBinder? Cheers, Thomas ------------------------------------------------------------------------------ This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com _______________________________________________ Stripes-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/stripes-users
