Comment 3 for bug 1710949

Thanks, Galen.

I wouldn't want to give the impression that using .init and .complete unencrypted is OK, though. It scrambles the password, but not the auth tokens or sensitive data that usually accompany them. There really are very few scenarios where talking to the gateways unencrypted is OK. Perhaps I should open a ticket for requiring SSL to the gateways?

On a related note, I've pushed a commit to add open-ils.auth.login to the list of APIs whose params should be redacted in the logs.