cxf-issues mailing list archives

From "Evgeni Kisel (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-4425) [OAuth] enable to send multiple requests with the same header
Date Mon, 16 Jul 2012 13:44:34 GMT

    [ https://issues.apache.org/jira/browse/CXF-4425?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13415115#comment-13415115 ]

Evgeni Kisel commented on CXF-4425:
-----------------------------------

OAuth 1.0


1. I send the request to the Service Provider and also sniff it (get all authorization data from the header element).
2. Send another request with the same data (nonce, timestamp and so on).



Best Regards,
Evgeni
                
> [OAuth] enable to send multiple requests with the same header
> -------------------------------------------------------------
>
>                 Key: CXF-4425
>                 URL: https://issues.apache.org/jira/browse/CXF-4425
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 2.6.1
>            Reporter: Evgeni Kisel
>
> It's possible to send multiple requests with the same header. Actually it's a security violation.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
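
The replay described in the comment above is what a server-side nonce check is meant to stop: OAuth 1.0 expects a nonce to be unique for a given timestamp, client credentials and token. The following is an added example, not code from CXF or from the reporter; the class name `NonceReplayGuard`, the 300-second window and all sample values are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration (not CXF code): refuses a second OAuth 1.0 request that
// reuses the same consumer key, token, timestamp and nonce.
public class NonceReplayGuard {
    private final long windowSeconds; // accepted clock skew; the value is an assumption
    private final Map<List<String>, Long> seen = new ConcurrentHashMap<>();

    public NonceReplayGuard(long windowSeconds) {
        this.windowSeconds = windowSeconds;
    }

    // Returns true for a fresh request, false for a stale or replayed one.
    public boolean accept(String consumerKey, String token, long timestamp,
                          String nonce, long nowSeconds) {
        // Refusing timestamps outside the window bounds how long nonces are kept.
        if (Math.abs(nowSeconds - timestamp) > windowSeconds) {
            return false;
        }
        // Drop entries that the timestamp check above would already refuse.
        seen.values().removeIf(ts -> nowSeconds - ts > windowSeconds);
        List<String> key = Arrays.asList(consumerKey, token, Long.toString(timestamp), nonce);
        // putIfAbsent is atomic, so two concurrent copies cannot both be accepted.
        return seen.putIfAbsent(key, timestamp) == null;
    }

    public static void main(String[] args) {
        NonceReplayGuard guard = new NonceReplayGuard(300);
        long now = 1342446274L; // constructed sample clock, seconds since epoch
        // Constructed sample credentials and nonces.
        System.out.println("first:      " + guard.accept("consumer-1", "token-1", now, "n-8f3a", now));
        System.out.println("replay:     " + guard.accept("consumer-1", "token-1", now, "n-8f3a", now + 5));
        System.out.println("new nonce:  " + guard.accept("consumer-1", "token-1", now + 5, "n-c21d", now + 5));
        System.out.println("stale copy: " + guard.accept("consumer-1", "token-1", now, "n-8f3a", now + 900));
    }
}
```

The check belongs after signature verification, so that unauthenticated requests cannot fill the cache. With more than one server instance, the in-memory map would need to be replaced by a store shared between them.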

        
