karaf-issues mailing list archives

From "Freeman Fang (Created) (JIRA)" <j...@apache.org>
Subject [jira] [Created] (KARAF-956) jaas module should throw generic FailedLoginException
Date Mon, 24 Oct 2011 03:44:32 GMT
jaas module should throw generic FailedLoginException 

                 Key: KARAF-956
                 URL: https://issues.apache.org/jira/browse/KARAF-956
             Project: Karaf
          Issue Type: Improvement
            Reporter: Freeman Fang
            Assignee: Freeman Fang

Currently it always throws a very detailed exception, like
throw new FailedLoginException("User does not exist");
throw new FailedLoginException("Password for " + user + " does not match");
Though it's very useful during development or debugging, it can leak hints to a malicious client.
We need to provide a configurable way to throw FailedLoginException with/without a detailed message.
Likely add a property in etc/org.apache.karaf.jaas.cfg; the default value is to just throw a very
generic FailedLoginException without a detailed message, which would be safer for real production.



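The configurable behaviour requested in this issue, sketched as an added example that is not Karaf's code. The property name `detailed.login.exception`, the class name, the in-memory user store and the generic message text are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.Properties;
import javax.security.auth.login.FailedLoginException;

public class GenericFailureDemo {
    // Hypothetical property name; the issue does not name one.
    static final String DETAILED_KEY = "detailed.login.exception";
    // Constructed sample user store (plaintext only to keep the demo short).
    static final Map<String, String> USERS = Map.of("karaf", "s3cret");

    private final boolean detailed;

    GenericFailureDemo(Properties cfg) {
        // A missing property means generic messages, the safe default the issue asks for.
        this.detailed = Boolean.parseBoolean(cfg.getProperty(DETAILED_KEY, "false"));
    }

    void login(String user, String password) throws FailedLoginException {
        String stored = USERS.get(user);
        if (stored == null) {
            throw fail("User does not exist");
        }
        byte[] a = stored.getBytes(StandardCharsets.UTF_8);
        byte[] b = password.getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(a, b)) {
            throw fail("Password for " + user + " does not match");
        }
    }

    // Single choke point: the cause reaches the client only when explicitly enabled.
    private FailedLoginException fail(String detail) {
        return new FailedLoginException(detailed ? detail : "login failed");
    }

    public static void main(String[] args) {
        Properties prod = new Properties();            // default: generic
        Properties dev = new Properties();
        dev.setProperty(DETAILED_KEY, "true");         // opt-in for debugging
        for (Properties cfg : new Properties[] {prod, dev}) {
            GenericFailureDemo module = new GenericFailureDemo(cfg);
            for (String[] c : new String[][] {{"nobody", "x"}, {"karaf", "wrong"}}) {
                try { module.login(c[0], c[1]); }
                catch (FailedLoginException e) { System.out.println(c[0] + " -> " + e.getMessage()); }
            }
        }
    }
}
```

With the default configuration, an unknown user and a wrong password produce the same message, so a client cannot use the response text to tell which accounts exist.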