https://bugzilla.novell.com/show_bug.cgi?id=645835
https://bugzilla.novell.com/show_bug.cgi?id=645835#c3
--- Comment #3 from Thomas Biege 2010-10-15 08:16:42 UTC ---
http://guides.rubyonrails.org/security.html#logging describes how to omit
sensitive information, like passwords, in log files. IMO passwords are not
relevant for debugging.
There is no reason to store the password in the cookie, it is even dangerous.
After logging in the user gets a session cookie, nothing else is needed.
Mandatory SSL usage is - of course - a desirable security feature. (It can be
considered as de facto standard for critical application.)
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.