All:

I am using CMA with Tomcat4/Apache1.3. I have a form-based login page
pointed at j_security_check. When a user submits the form the username and
password is shown in the statusbar of the browser. Also, there is a log
entry in the Apache logs that display this same URL that with
username/password information.

Is there anyway to avoid the URL being displayed, and more importantly, is
there a way to not log the login request?

Thanks, Vinh.