2 Replies Latest reply on Nov 2, 2011 10:12 AM by mailojah

    After login, URL sets out in clear

    mailojah

      Good morning, I have a question:
      after logging in to my Seam web application I see that the URL shows the username and password in clear :O !!

      In fact it becomes:

      http://loclahost:8080/MyApp/main/home?j_id182=j_id182&j_id182%3Ausername=myusername&j_id182%3Apassword=mypassword&j_id182%3Alogin=Login&javax.faces.ViewState=j_id1#

      Why??
      Thanks for all!
      Andrea

        • 1. Re: After login, URL sets out in clear
          antibrumm.mfrey0.bluewin.ch

          Most likely you are sending the form with a GET request. Are you using a Seam button? Use the normal JSF button and it will not be displayed. But the password is still transferred in cleartext btw.

          • 2. Re: After login, URL sets out in clear
            mailojah

            Thank you for the reply.
            I don't use a Seam button, but a simple h:commandButton.
            I tried to use this code in pages.xml:

            <!-- Redirect after login/logout so the browser lands on a URL without the form parameters -->
            <page view-id="*">
                <navigation from-action="#{identity.login}">
                    <redirect view-id="/main/home.xhtml"/>
                </navigation>
                <navigation from-action="#{identity.logout}">
                    <redirect view-id="/main/home.xhtml"/>
                </navigation>
            </page>

            and so I have a redirect without the username and password in clear. This would be a solution, in fact it works, but is there another clear solution??
            Thanks
            Andrea
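
A login form submitted with GET, as in the URL quoted in the question, also writes the credentials into the web server's access log. The following is an added example, not code from the thread: a Python scanner that flags such requests in an access log and redacts the secret value, handling the JSF naming-container prefix (`j_id182:password`). The `SENSITIVE` name list, the common/combined log format, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names treated as secrets (assumption; extend for your application).
SENSITIVE = {"password", "passwd", "pwd", "secret", "token"}
# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def is_sensitive(name):
    # JSF prefixes the field id with its naming container ("j_id182:password"),
    # so compare only the last colon-separated segment.
    return name.rsplit(":", 1)[-1].lower() in SENSITIVE


def redact_target(target):
    """Return (redacted_target, leaked_parameter_names) for one request target."""
    parts = urlsplit(target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)  # decodes %3A to ":"
    leaked = [k for k, _ in pairs if is_sensitive(k)]
    safe = [(k, "REDACTED" if is_sensitive(k) else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(safe))), leaked


def scan(lines):
    """Yield (line_number, method, redacted_target, leaked) for offending requests."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        redacted, leaked = redact_target(m.group("target"))
        if leaked:
            yield n, m.group("method"), redacted, leaked


# Constructed sample log lines, modelled on the URL quoted in the question.
SAMPLE_LOG = [
    '127.0.0.1 - - [02/Nov/2011:10:01:00 +0100] "GET /MyApp/main/home?j_id182=j_id182'
    '&j_id182%3Ausername=myusername&j_id182%3Apassword=mypassword&j_id182%3Alogin=Login'
    '&javax.faces.ViewState=j_id1 HTTP/1.1" 200 5120',
    '127.0.0.1 - - [02/Nov/2011:10:02:00 +0100] "POST /MyApp/login.seam HTTP/1.1" 302 0',
    '127.0.0.1 - - [02/Nov/2011:10:02:01 +0100] "GET /MyApp/main/home.seam HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for n, method, target, leaked in scan(SAMPLE_LOG):
        print(f"line {n}: {method} leaks {leaked} -> {target}")
```

Any hit means the password has already been stored in the log, so the affected accounts need a password change in addition to fixing the form.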