You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by Vamsavardhana Reddy <c1...@gmail.com> on 2007/08/16 08:29:39 UTC

LoginModule implementations in branches other than 2.x.x

The recent problems detected in LoginModule implementation are also
applicable to code in branches\1.2, branches\1.1 etc.  Though it has not
resulted in a security issue in other releases as serious as the one Donald
has unearthed in 2.0 release, the code is not as per what JAAS recommends.
Should we worry about fixing these LoginModule implementation classes in
other branches?

Vamsi

Re: LoginModule implementations in branches other than 2.x.x

Posted by David Jencks <da...@yahoo.com>.

I guess I think it would be reasonable to port the fixes to the 1.2  
branch before we forget since that should only take a few minutes but  
I'm not sure this is of enough importance to inspire someone to  
actually release 1.2.

thanks
david jencks

On Aug 15, 2007, at 11:29 PM, Vamsavardhana Reddy wrote:

> The recent problems detected in LoginModule implementation are also  
> applicable to code in branches\1.2, branches\1.1 etc.  Though it  
> has not resulted in a security issue in other releases as serious  
> as the one Donald has unearthed in 2.0 release, the code is not as  
> per what JAAS recommends.  Should we worry about fixing these  
> LoginModule implementation classes in other branches?
>
> Vamsi