I'm experincing the same problem. I also tried the last version (2.19.1) and seems it still presents the same inconvenience.
I think this can be considered a serious security problem as clear mistyped password will be writed on web server logs, proxies logs and so on. There is also a sencondary problem: if I type a wrong password at the first attempt, at the sencond one the previus password will be sent as an argument, together with the new password. Authentication will fail even if I typed the correct one and both passwords (the wrong but also the correct one) will be written in the webserver logs in clear text. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/7239b7f7-c384-494d-83b8-f37c033a8749%40googlegroups.com.
