karaf-issues mailing list archives

From "Freeman Fang (Work started) (JIRA)" <j...@apache.org>
Subject [jira] [Work started] (KARAF-956) jaas module should throw generic FailedLoginException
Date Mon, 24 Oct 2011 05:54:32 GMT

     [ https://issues.apache.org/jira/browse/KARAF-956?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Work on KARAF-956 started by Freeman Fang.

> jaas module should throw generic FailedLoginException 
> ------------------------------------------------------
>                 Key: KARAF-956
>                 URL: https://issues.apache.org/jira/browse/KARAF-956
>             Project: Karaf
>          Issue Type: Improvement
>            Reporter: Freeman Fang
>            Assignee: Freeman Fang
> Currently it always throws very detailed exceptions like
> throw new FailedLoginException("User does not exist");
> and
> throw new FailedLoginException("Password for " + user + " does not match");
> Though it's very useful during development or debugging, it can leak hints to a malicious client; we need to
> provide a configurable way to throw FailedLoginException with/without a detailed message.
> Likely add a property in etc/org.apache.karaf.jaas.cfg; the default value is to just throw a
> very generic FailedLoginException without a detailed message, which would be safer for real
> production environments.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
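
The behaviour the issue asks for, as an added example that is not Karaf's code or part of the original message: one failure path that always records the precise reason in the server log but only puts it in the FailedLoginException when a flag is enabled. The class name, the `detailed` flag, the generic message text and the sample user store are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.logging.Logger;
import javax.security.auth.login.FailedLoginException;

public class GenericLoginFailureDemo {
    private static final Logger LOG = Logger.getLogger("jaas.demo");
    // Constructed sample user store; a real module would compare password hashes.
    private static final Map<String, String> USERS = Map.of("karaf", "s3cret");

    // 'detailed' stands in for the configurable property proposed in the issue
    // (hypothetical name). false is the production-safe default.
    static void checkLogin(String user, String password, boolean detailed)
            throws FailedLoginException {
        String expected = USERS.get(user);
        String reason;
        if (expected == null) {
            reason = "User does not exist";
        } else if (!MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                          password.getBytes(StandardCharsets.UTF_8))) {
            reason = "Password for " + user + " does not match";
        } else {
            return; // authenticated
        }
        // The precise reason stays available to operators in the server log.
        LOG.fine("Login failed: " + reason);
        // The caller sees the reason only when detailed messages are enabled.
        throw new FailedLoginException(detailed ? reason : "login failed");
    }

    // Returns the message a client would receive, or null on successful login.
    static String failureMessage(String user, String password, boolean detailed) {
        try {
            checkLogin(user, password, detailed);
            return null;
        } catch (FailedLoginException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Default mode: unknown user and wrong password are indistinguishable.
        System.out.println(failureMessage("nobody", "x", false));
        System.out.println(failureMessage("karaf", "x", false));
        // Detailed mode (development/debug): the two cases differ.
        System.out.println(failureMessage("nobody", "x", true));
        System.out.println(failureMessage("karaf", "x", true));
    }
}
```

With the flag off, both failing calls return the same message, so the response no longer reveals whether the account exists.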

