Thanks! It seems ok!! hope it will be corrected soon in the official version, as it should be considered as a serious security bug.
Il giorno lun 25 mag 2020 alle ore 06:29 egamarro dpu < egamarro....@gmail.com> ha scritto: > > I'm pretty sure Fred found the right line to fix this. Building on > Fred's suggestion, I fixed it this way: > > < redirect(self.url(args=request.args, > vars=request.vars),client_side=settings.client_side) > > > redirect(self.url(),client_side=settings.client_side) > > > > On Tuesday, April 28, 2020 at 8:56:16 AM UTC-5, Marvix wrote: >> >> I'm experiencing the same problem. >> >> I also tried the last version (2.19.1) and seems it still presents the >> same inconvenience. >> >> I think this can be considered a serious security problem as clear >> mistyped password will be written on web server logs, proxies logs and so >> on. >> >> There is also a secondary problem: if I type a wrong password at the >> first attempt, at the second one the previous password will be sent as an >> argument, together with the new password. >> >> Authentication will fail even if I typed the correct one and both >> passwords (the wrong but also the correct one) will be written in the >> webserver logs in clear text. >> > -- > Resources: > - http://web2py.com > - http://web2py.com/book (Documentation) > - http://github.com/web2py/web2py (Source code) > - https://code.google.com/p/web2py/issues/list (Report Issues) > --- > You received this message because you are subscribed to the Google Groups > "web2py-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to web2py+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/web2py/da40878b-c646-4ae4-973b-54f6308137ce%40googlegroups.com > <https://groups.google.com/d/msgid/web2py/da40878b-c646-4ae4-973b-54f6308137ce%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/CAApi09m1To8RAeaoDJy-Vwbr2%3Do5TbzrJpe49%3Dd8HgzAX9pycg%40mail.gmail.com.