hi, experts, I found that although inputSecret is used for password, it is transmitted in formdata posted to server?
and solution for this case?
ronaldo ronaldinho
primeface password is plaintext
-
- Posts: 50
- Joined: 18 Oct 2013, 23:40
inputSecret just masks the entered values in the browser, it's nothing to do with the transmitted data (which will be plain text in the submitted request's parameters, and is normal behaviour).
You're using HTTPS to secure traffic to your site though, right? In which case the password being plain text in the request parameters is a moot point.
You're using HTTPS to secure traffic to your site though, right? In which case the password being plain text in the request parameters is a moot point.
-
- Posts: 10
- Joined: 12 Oct 2017, 10:06
thanks sir. this is requirement from auditor
-
- Information
-
Who is online
Users browsing this forum: No registered users and 26 guests