tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Avoiding username/password being logged into localhost access logs
Date Wed, 22 Apr 2009 22:15:23 GMT
jithu mada wrote:
The only way I can see for the userid and password to be visible in an 
access log, is if they are part of the URL (actually, of the query 
string) and unencoded.
Which would mean that this is a form-based authentication, with either 
no method attribute in the <form> tag, or method="GET".
If it was really a POST, it would be in the body of the request, and not 
appear in the access log.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message