Tom Fonteyne created SECURITY-651: ------------------------------------- Summary: auditing is inconsistent: it filters out "authorization" header but does not filter out the "j_password" form field parameter Key: SECURITY-651 URL: https://issues.jboss.org/browse/SECURITY-651 Project: PicketBox (JBoss Security and Identity Management) Issue Type: Bug Security Level: Public (Everyone can see) Components: PicketBox Affects Versions: JBossSecurity_2.0.4.SP9 Environment: all Reporter: Tom Fonteyne Assignee: Anil Saldhana Priority: Minor Fix For: JBossSecurity_2.0.4.SP9 auditing is inconsistent: it filters out "authorization" header but does not filter out the "j_password" form field parameter This got fixed in SECURITY-650 for the class: jbosssx/​ src/​ main/​ java/​ org/​ jboss/​ security/​ authorization/​ resources/​ WebResource.java Also needs fixing in: org/​ jboss/​ web/​ tomcat/​ security/​ WebUtil.java which is a (broken) copy of the former class method -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira