You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "Jarek Gawor (JIRA)" <ji...@apache.org> on 2007/10/22 06:51:50 UTC
[jira] Created: (GERONIMO-3543) SQLLoginModule successfully
authenticates non-existent users
SQLLoginModule successfully authenticates non-existent users
------------------------------------------------------------
Key: GERONIMO-3543
URL: https://issues.apache.org/jira/browse/GERONIMO-3543
Project: Geronimo
Issue Type: Bug
Security Level: public (Regular issues)
Components: security
Affects Versions: 2.0.2, 2.0.1, 2.0, 2.1
Reporter: Jarek Gawor
Priority: Critical
Authentication succeeds with SQLLoginModule if logging in with an username that does not exist in the database.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-3543) SQLLoginModule successfully
authenticates non-existent users
Posted by "Joe Bohn (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3543?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joe Bohn updated GERONIMO-3543:
-------------------------------
Fix Version/s: (was: 2.0.x)
2.0.3
> SQLLoginModule successfully authenticates non-existent users
> ------------------------------------------------------------
>
> Key: GERONIMO-3543
> URL: https://issues.apache.org/jira/browse/GERONIMO-3543
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 2.0, 2.0.1, 2.0.2, 2.1
> Reporter: Jarek Gawor
> Assignee: Vamsavardhana Reddy
> Priority: Critical
> Fix For: 2.0.3, 2.1
>
> Attachments: GERONIMO-3543.patch
>
>
> Authentication succeeds with SQLLoginModule if logging in with an username that does not exist in the database.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (GERONIMO-3543) SQLLoginModule successfully
authenticates non-existent users
Posted by "Vamsavardhana Reddy (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3543?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vamsavardhana Reddy closed GERONIMO-3543.
-----------------------------------------
Resolution: Fixed
> SQLLoginModule successfully authenticates non-existent users
> ------------------------------------------------------------
>
> Key: GERONIMO-3543
> URL: https://issues.apache.org/jira/browse/GERONIMO-3543
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 2.0, 2.0.1, 2.0.2, 2.1
> Reporter: Jarek Gawor
> Assignee: Vamsavardhana Reddy
> Priority: Critical
> Fix For: 2.0.x, 2.1
>
> Attachments: GERONIMO-3543.patch
>
>
> Authentication succeeds with SQLLoginModule if logging in with an username that does not exist in the database.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-3543) SQLLoginModule successfully
authenticates non-existent users
Posted by "Vamsavardhana Reddy (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3543?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vamsavardhana Reddy updated GERONIMO-3543:
------------------------------------------
Regression: [Regression]
Patch Info: [Patch Available]
Fix Version/s: 2.1
2.0.x
Assignee: Vamsavardhana Reddy
> SQLLoginModule successfully authenticates non-existent users
> ------------------------------------------------------------
>
> Key: GERONIMO-3543
> URL: https://issues.apache.org/jira/browse/GERONIMO-3543
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 2.0, 2.0.1, 2.0.2, 2.1
> Reporter: Jarek Gawor
> Assignee: Vamsavardhana Reddy
> Priority: Critical
> Fix For: 2.0.x, 2.1
>
>
> Authentication succeeds with SQLLoginModule if logging in with an username that does not exist in the database.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-3543) SQLLoginModule successfully
authenticates non-existent users
Posted by "Vamsavardhana Reddy (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3543?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vamsavardhana Reddy updated GERONIMO-3543:
------------------------------------------
Attachment: GERONIMO-3543.patch
> SQLLoginModule successfully authenticates non-existent users
> ------------------------------------------------------------
>
> Key: GERONIMO-3543
> URL: https://issues.apache.org/jira/browse/GERONIMO-3543
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 2.0, 2.0.1, 2.0.2, 2.1
> Reporter: Jarek Gawor
> Assignee: Vamsavardhana Reddy
> Priority: Critical
> Fix For: 2.0.x, 2.1
>
> Attachments: GERONIMO-3543.patch
>
>
> Authentication succeeds with SQLLoginModule if logging in with an username that does not exist in the database.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-3543) SQLLoginModule successfully
authenticates non-existent users
Posted by "Vamsavardhana Reddy (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12536578 ]
Vamsavardhana Reddy commented on GERONIMO-3543:
-----------------------------------------------
Completed: At revision: 587006
o Fixed the LoginModule to throw FailedLoginException for non-existent user
o Added a test to detect regression
**: This commit can use a thorough review.
> SQLLoginModule successfully authenticates non-existent users
> ------------------------------------------------------------
>
> Key: GERONIMO-3543
> URL: https://issues.apache.org/jira/browse/GERONIMO-3543
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 2.0, 2.0.1, 2.0.2, 2.1
> Reporter: Jarek Gawor
> Assignee: Vamsavardhana Reddy
> Priority: Critical
> Fix For: 2.0.x, 2.1
>
> Attachments: GERONIMO-3543.patch
>
>
> Authentication succeeds with SQLLoginModule if logging in with an username that does not exist in the database.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.