On Sat, 14 Dec 2013 12:43:26 -0200, Chung Khanh Duy <chungkhanhduy1...@gmail.com> wrote:

> Hi,

Hi!

> I have a form with username and password, but when I enter a wrong password,
> the validation will record the errors on screen, and all the data of
> t:formdata was sent back to the server. I have used the Live HTTP addon in
> Firefox to investigate and can see the plaintext of the password value I typed.

> The reason, I think, is that when there is an error in validation, Tapestry
> will send back t:formdata in a GET method and we can see it as plaintext. It
> may be a medium security risk because a hacker can guess the right password
> based on the wrong value.

Please file a JIRA about it.

> Is there any way to overwrite the value of t:formdata when there is a
> validation error?

Nope, but you don't need that. Just set the password property to null in your onSuccess() method when the email/password combination fails.

--
Thiago H. de Paula Figueiredo
Tapestry, Java and Hibernate consultant and developer
http://machina.com.br
