jithu mada wrote:
[...]
The only way I can see for the userid and password to be visible in an
access log, is if they are part of the URL (actually, of the query
string) and unencoded.
Which would mean that this is a form-based authentication, with either
no method attribute in the <form> tag, or method="GET".
If it was really a POST, it would be in the body of the request, and not
appear in the access log.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
