I'm pretty sure Fred found the right line to fix this. Building on
Fred's suggestion, I fixed it this way:
< redirect(self.url(args=request.args,
vars=request.vars),client_side=settings.client_side)
> redirect(self.url(),client_side=settings.client_side)
On Tuesday, April 28, 2020 at 8:56:16 AM UTC-5, Marvix wrote:
>
> I'm experiencing the same problem.
>
> I also tried the last version (2.19.1) and seems it still presents the
> same inconvenience.
>
> I think this can be considered a serious security problem as clear
> mistyped password will be written on web server logs, proxies logs and so
> on.
>
> There is also a secondary problem: if I type a wrong password at the first
> attempt, at the second one the previous password will be sent as an
> argument, together with the new password.
>
> Authentication will fail even if I typed the correct one and both
> passwords (the wrong but also the correct one) will be written in the
> webserver logs in clear text.
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/web2py/da40878b-c646-4ae4-973b-54f6308137ce%40googlegroups.com.
