https://bz.apache.org/bugzilla/show_bug.cgi?id=60178
--- Comment #3 from mgrigorov <mgrigo...@apache.org> --- The problem here is how to recognize that a request parameter contains sensitive information. 'j_password' is name defined in specs, so it is easy to handle. But an application is free to use any names for its form elements and it is impossible for the web server to decide whether something contains sensitive data or not. So hiding the value of `j_password` is a very special case that would solve just some of the cases. On the other side someone may want to see the plain value of such parameter to be able to debug an issue related to the authentication. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
