User login
Active forum topics
- Displaying Images in a JSR 168 Portlet
- Delete VAP User using custom code
- PortalBean getFolder()
- Mass publishing
- page content layout and duplication problem
- Why the tag <portlet:actionURL/> misses my servlet params?
- Retrieving the Menu from VAP
- Unable to delete the channels and the presentation templates
- Unable to see VCM Site List / Template List inside VAP Server Console
- How to insert Content Instance into Relator?
Username and Password being written to webserver logs on sendRedirect method call
Mon, 04/28/2008 - 20:46 — sanjanak
Hello,
In our PortalBean, the login.jsp does a POST action and uses the getFullViewURL() method to send the request to the ActionProcess.jsp. When the ActionProcess.jsp's sendRedirect is called to redirect to the homepage on aunthentication, we found out that some how it appends the username and user password parameters to the GET request and written to the web server logs.
Please see the LOG line below.
LOG ===> "GET
/portal/site/cityshare/template.MAXIMIZE/action.display/?viewID=LoginProcess&submit.y=0&submit.x=0&username=test&userpass=apassword&beanID=854232697&fromLegacyURL=true
HTTP/1.1" 302 337
Any help is appreciated to avoid logging of the username and password.
Thanks in advance.
Recent comments
4 days 1 hour ago
2 weeks 4 days ago
5 weeks 3 days ago
7 weeks 1 day ago
7 weeks 2 days ago
9 weeks 5 days ago
9 weeks 5 days ago
11 weeks 1 day ago
11 weeks 3 days ago
11 weeks 3 days ago