I'm just starting to use Struts and I don't know if the problem has been
raised already (no archive?), but I was very surprised when I tried the
struts-example application: as the tour suggested, I tried to log in with a
bad login/password. The automatic filling functionality is wonderful, but it
also introduces a security problem when running on password fields: the
response HTML contained my password!

      <input type="password" name="password" maxlength="16" size="16" value="toto">

        Shouldn't this automatic filling functionality be disabled on password
fields, or did the dev team decide that it's up to each web site maker to
choose to implement an empty getPassword() function in the corresponding Form?

        Sorry for my poor English.

        Frederic.
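
A check a site maintainer could run over rendered responses to catch the behaviour described in this message, a password input sent back with its value attribute filled in. This is an added example, not part of the original post or of Struts; the function names and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser


class PasswordEchoFinder(HTMLParser):
    """Collects password inputs whose value attribute is pre-filled."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (field name, line number of the tag)

    def handle_starttag(self, tag, attrs):
        # Tag and attribute names arrive lowercased; attribute values do not.
        # Self-closing <input ... /> tags are routed here by the parser too.
        if tag != "input":
            return
        a = {name: (value or "") for name, value in attrs}
        if a.get("type", "").strip().lower() != "password":
            return
        if a.get("value", "") != "":
            # Report where the echo is, never the secret itself.
            self.findings.append((a.get("name", ""), self.getpos()[0]))


def find_password_echo(html):
    """Return [(field name, line)] for every pre-filled password input."""
    finder = PasswordEchoFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: a failed-login response that redisplays the form.
ECHOED = '''<form method="post" action="logon.do">
<input type="text" name="username" value="fred">
<input type="password" name="password" maxlength="16" size="16"
value="toto">
</form>'''

# Constructed sample: same form, password field left empty on redisplay.
CLEAN = '''<form method="post" action="logon.do">
<input type="text" name="username" value="fred">
<input type="password" name="password" maxlength="16" size="16" value="">
</form>'''

if __name__ == "__main__":
    for label, page in (("echoed", ECHOED), ("clean", CLEAN)):
        print(label, find_password_echo(page))
```

Run against the pages an application returns after a failed form submission, an empty result means no password field was echoed back.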
