[xwiki-devs] Getting sessions password
Tiago Rinck Caveden
caveden at gmail.com
Mon Jul 21 13:14:04 CEST 2008
On Mon, Jul 21, 2008 at 12:40 PM, MikSan <scan at netvisao.pt> wrote:
>
> How Do I get a session password?
> I can get the username but not the password
I don't believe you should ever be able to do it, passwords are supposed to
be confidential.
Allowing to retrieve them somehow already shows that the system stores the
password as plain text instead of their hashes, what is a flaw IMHO.
Best regards,
--
Tiago Rinck Caveden
http://caveden.multiply.com
More information about the devs
mailing list