Monday, July 26, 2004 10:47 PM
We have a login page where we get the username and password from the user. A corresponding form is also there, where both these fields are declared as String. On submitting the page with username and password, Struts logs the username and password into the log file as clear text. The html:password tag is being used for the password field. How can this be solved? In the ConvertUtils and BeanUtils classes of commons-logging, the log.trace() method is used, which logs these field values. We are able to suppress these logs by turning off the logging levels using commons-logging.properties and simplelog.properties. But this is not acceptable. Can we have any other mechanism by which these password fields can be protected?