Takayuki Konishi updated GTNPORTAL-2082:
----------------------------------------
Forum Reference: (was:
j_security_check request is sent as GET method.
-----------------------------------------------
Key: GTNPORTAL-2082
URL: https://issues.jboss.org/browse/GTNPORTAL-2082
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Security
Affects Versions: 3.2.0-M01
Reporter: Takayuki Konishi
The j_security_check request is sent like:
http://localhost:8080/portal/private/j_security_check?j_username=root&...
The "root" value is the value typed by the user, and it is recorded in the browser
history and in server-side logs such as Apache's access_log, which are not expected to
record such sensitive information.
It causes security problems such as shoulder hacking on the client side, and it puts an
unnecessary burden on server administrators because they have to manage sensitive
information in logs.