I haven't personally confirmed it, but it does make sense. Passwords are actually hashed, so there is no way to get the plaintext password once it has been hashed. The hash converts the password into a byte sequence that has values that fall outside the utf-8 encoding space, so CDATA wouldn't fix the issue. We would either have to not include the value or look into base64 encoding the XML messages, which may have it's own set of issues.
|