Confluence Wiki Storing Passwords in Plaintext

Mike Simpson December 7, 2018

I run an internal wiki at work, and one of the users just pointed out that if you inspect the POST request (dologin.action) you can see the password in plain text.

Example of the request body below.

os_username=wikitestaccount&os_password=examplePassword123&login=Log+in&os_destination=

 

This is a really bad security setup; people's passwords are being stored in plain text in the database! How can I configure Confluence so that user passwords are hashed?

 

Update: Passwords are not being stored in plaintext, but they are being hashed on the server side from the look of it. Is there any way to enforce password hashing on the client side?

0 answers
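An added example, not part of the original post and not Confluence's own code: a Python sketch of the server-side flow the update describes, with PBKDF2-HMAC-SHA256 as an assumed hash scheme. `client_prehash` is a hypothetical client-side step; the sketch shows that a pre-hashed value in the request body would itself act as the login secret, so confidentiality in transit depends on HTTPS rather than on client-side hashing.

```python
import hashlib
import hmac
import os
from urllib.parse import parse_qs

ITERATIONS = 200_000  # assumed work factor for this sketch

# Constructed sample: the request body shown in the post.
BODY = "os_username=wikitestaccount&os_password=examplePassword123&login=Log+in&os_destination="

def parse_login(body: str) -> tuple[str, str]:
    """Extract the credentials from a urlencoded login body."""
    form = parse_qs(body, keep_blank_values=True)
    return form["os_username"][0], form["os_password"][0]

def make_record(secret: str) -> dict:
    """What the server stores: a random salt and a slow salted hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}

def verify(record: dict, submitted: str) -> bool:
    """Re-derive the hash from the submitted value and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", submitted.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(candidate, record["hash"])

def client_prehash(password: str) -> str:
    """Hypothetical client-side step: send SHA-256(password) instead of the password."""
    return hashlib.sha256(password.encode()).hexdigest()

def demo() -> dict:
    user, password = parse_login(BODY)
    record = make_record(password)
    # With pre-hashing, the only secret the server ever sees is the hash itself.
    prehashed_record = make_record(client_prehash(password))
    return {
        "user": user,
        "plaintext_in_store": password.encode() in record["salt"] + record["hash"],
        "login_ok": verify(record, password),
        "wrong_password_ok": verify(record, "wrongPassword"),
        # The value visible in the request body is still sufficient to log in.
        "prehash_alone_logs_in": verify(prehashed_record, client_prehash(password)),
    }

if __name__ == "__main__":
    print(demo())
```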
