You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@netbeans.apache.org by "Jiří Kovalský (Jira)" <ji...@apache.org> on 2019/10/18 16:44:00 UTC
[jira] [Commented] (NETBEANS-3242) Security flaw in pluginportal's
google sign on
[ https://issues.apache.org/jira/browse/NETBEANS-3242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16954794#comment-16954794 ]
Jiří Kovalský commented on NETBEANS-3242:
-----------------------------------------
[~matthiasblaesing]can you please verify this and close the ticket then? Thanks!
> Security flaw in pluginportal's google sign on
> ----------------------------------------------
>
> Key: NETBEANS-3242
> URL: https://issues.apache.org/jira/browse/NETBEANS-3242
> Project: NetBeans
> Issue Type: Bug
> Components: updatecenters - Pluginportal
> Reporter: Jan Pirek
> Assignee: Jan Pirek
> Priority: Major
>
> Login process should work with google auth token and backend controller should verify and extract user from token insteas of passed value from client js part of the login which can be altered.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@netbeans.apache.org
For additional commands, e-mail: commits-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists