Question about security

6 years 5 months ago #119808 by Publy Goo
Question about security was created by Publy Goo
Dear,
Looking at the access log, I noticed that when a user buys a plan, the component calls the following GET requests:
First:
/index.php?option=com_osmembership&task=validator.validate_email&fieldId=email&fieldValue=XXXX@XXXX.com&name=eric&_=NNNNNNNNNNNNN

and then:
/index.php?option=com_osmembership&task=validator.validate_password&fieldId=password1&fieldValue=XXXXXXXX&_=NNNNNNNNNNNNN

Why is there always "name=eric" in the first request?
Why was the password in the second request sent without a security system (in the clear) or using the POST method?

Bests

6 years 5 months ago #119818 by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic Question about security
Hello

In short, the two requests are made by the validation library which we are using (github.com/posabsolute/jQuery-Validation-Engine) for validating username and password.

1. The first request has name=eric; it's hardcoded in the request by the library. I didn't want to hack it, so I left it as it is. Now that you mention it, maybe I should remove that param in the next release.

2. I will have to check if the library allows us to send that data in a POST request. If not, maybe I will remove that validation for now, as we perform validation when the form is submitted anyway.

Give me some time to work on it. We will have it addressed in the next release, 2.16.1, which I'm working on at the moment.

Tuan
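
Added example, not part of the original thread or of the extension's code: a Python script that finds access-log lines where a validator request like the one quoted in the question carried a password in the query string, and redacts the value before the log is stored or shared. The list of sensitive field names, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Request part of a common/combined access-log line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')
# Assumption: names that mark a field as secret-bearing.
SENSITIVE_RE = re.compile(r"pass(word|wd)?|pwd|secret|token", re.I)

def scrub_line(line):
    """Return (redacted_line, leaked) for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return line, False
    parts = urlsplit(m.group("target"))
    params = parse_qsl(parts.query, keep_blank_values=True)
    # The validator call names the field in fieldId and puts the secret in fieldValue.
    indirect = bool(SENSITIVE_RE.search(dict(params).get("fieldId", "")))
    redacted, leaked = [], False
    for key, value in params:
        hit = SENSITIVE_RE.search(key) or (indirect and key == "fieldValue")
        if hit and value:
            leaked, value = True, "REDACTED"
        redacted.append((key, value))
    if not leaked:
        return line, False  # untouched lines are returned byte-for-byte
    target = parts._replace(query=urlencode(redacted)).geturl()
    return line[:m.start("target")] + target + line[m.end("target"):], True

def scan(lines):
    """Redact all lines; also return the 1-based numbers of lines that leaked."""
    out, hits = [], []
    for n, line in enumerate(lines, 1):
        clean, leaked = scrub_line(line)
        out.append(clean)
        if leaked:
            hits.append(n)
    return out, hits

# Constructed sample lines (documentation IP range, made-up values).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2019:10:00:00 +0000] "GET /index.php?option=com_osmembership&task=validator.validate_email&fieldId=email&fieldValue=user@example.com&name=eric&_=1546336800000 HTTP/1.1" 200 25 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2019:10:00:05 +0000] "GET /index.php?option=com_osmembership&task=validator.validate_password&fieldId=password1&fieldValue=ConstructedPw1&_=1546336800001 HTTP/1.1" 200 25 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2019:10:00:09 +0000] "POST /index.php HTTP/1.1" 303 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    cleaned, leaked_lines = scan(SAMPLE)
    print("lines with a password in the URL:", leaked_lines)
    print("\n".join(cleaned))
```

Redacting logs only limits further exposure; the same URL can also be recorded by proxies and browser history, so passwords that appeared this way should be treated as exposed.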
