Hi Thiago, But I have a question, if has error occur in validation, the onSuccess() is not called, is that right ? If so , how can set password is null ? If I miss somthing, please let me know.
Thanks, Duy. On Sun, Dec 15, 2013 at 7:54 PM, Thiago H de Paula Figueiredo < thiag...@gmail.com> wrote: > On Sat, 14 Dec 2013 12:43:26 -0200, Chung Khanh Duy < > chungkhanhduy1...@gmail.com> wrote: > > Hi, >> > > Hi! > > > I have a form with username and password, but when enter wrong password, >> the validation will records the errors in screen, the all data of >> t:formdata was sent back to server, I have used Live HTTP addon in >> FireFox to investigate and can see the plaintext of password value I typed. >> >> The reason I think when has error in validation , tapestry will send back >> t:formdata in GET method and we can see it as plaintext, it may fall >> medium security because hacker can guest the right password base on wrong >> value. >> > > Please file a JIRA about it. > > > Is there any way to overrite value for t:formdata when has validation >> error >> > > Nope, but you don't need that. Just set the password property to null in > your onSuccess() method when the email/password combination fails. > > -- > Thiago H. de Paula Figueiredo > Tapestry, Java and Hibernate consultant and developer > http://machina.com.br > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > > -- Chung Khánh Duy Project Support Manager Formos
