You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by "Jarek Gawor (JIRA)" <ji...@apache.org> on 2007/10/22 06:51:50 UTC

[jira] Created: (GERONIMO-3543) SQLLoginModule successfully authenticates non-existent users

SQLLoginModule successfully authenticates non-existent users
------------------------------------------------------------

                 Key: GERONIMO-3543
                 URL: https://issues.apache.org/jira/browse/GERONIMO-3543
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: security
    Affects Versions: 2.0.2, 2.0.1, 2.0, 2.1
            Reporter: Jarek Gawor
            Priority: Critical


Authentication succeeds with SQLLoginModule if logging in with an username that does not exist in the database.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (GERONIMO-3543) SQLLoginModule successfully authenticates non-existent users

Posted by "Joe Bohn (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/GERONIMO-3543?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joe Bohn updated GERONIMO-3543:
-------------------------------

    Fix Version/s:     (was: 2.0.x)
                   2.0.3

> SQLLoginModule successfully authenticates non-existent users
> ------------------------------------------------------------
>
>                 Key: GERONIMO-3543
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3543
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.0, 2.0.1, 2.0.2, 2.1
>            Reporter: Jarek Gawor
>            Assignee: Vamsavardhana Reddy
>            Priority: Critical
>             Fix For: 2.0.3, 2.1
>
>         Attachments: GERONIMO-3543.patch
>
>
> Authentication succeeds with SQLLoginModule if logging in with an username that does not exist in the database.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (GERONIMO-3543) SQLLoginModule successfully authenticates non-existent users

Posted by "Vamsavardhana Reddy (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/GERONIMO-3543?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vamsavardhana Reddy closed GERONIMO-3543.
-----------------------------------------

    Resolution: Fixed

> SQLLoginModule successfully authenticates non-existent users
> ------------------------------------------------------------
>
>                 Key: GERONIMO-3543
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3543
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.0, 2.0.1, 2.0.2, 2.1
>            Reporter: Jarek Gawor
>            Assignee: Vamsavardhana Reddy
>            Priority: Critical
>             Fix For: 2.0.x, 2.1
>
>         Attachments: GERONIMO-3543.patch
>
>
> Authentication succeeds with SQLLoginModule if logging in with an username that does not exist in the database.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (GERONIMO-3543) SQLLoginModule successfully authenticates non-existent users

Posted by "Vamsavardhana Reddy (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/GERONIMO-3543?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vamsavardhana Reddy updated GERONIMO-3543:
------------------------------------------

       Regression: [Regression]
       Patch Info: [Patch Available]
    Fix Version/s: 2.1
                   2.0.x
         Assignee: Vamsavardhana Reddy

> SQLLoginModule successfully authenticates non-existent users
> ------------------------------------------------------------
>
>                 Key: GERONIMO-3543
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3543
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.0, 2.0.1, 2.0.2, 2.1
>            Reporter: Jarek Gawor
>            Assignee: Vamsavardhana Reddy
>            Priority: Critical
>             Fix For: 2.0.x, 2.1
>
>
> Authentication succeeds with SQLLoginModule if logging in with an username that does not exist in the database.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (GERONIMO-3543) SQLLoginModule successfully authenticates non-existent users

Posted by "Vamsavardhana Reddy (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/GERONIMO-3543?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vamsavardhana Reddy updated GERONIMO-3543:
------------------------------------------

    Attachment: GERONIMO-3543.patch

> SQLLoginModule successfully authenticates non-existent users
> ------------------------------------------------------------
>
>                 Key: GERONIMO-3543
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3543
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.0, 2.0.1, 2.0.2, 2.1
>            Reporter: Jarek Gawor
>            Assignee: Vamsavardhana Reddy
>            Priority: Critical
>             Fix For: 2.0.x, 2.1
>
>         Attachments: GERONIMO-3543.patch
>
>
> Authentication succeeds with SQLLoginModule if logging in with an username that does not exist in the database.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (GERONIMO-3543) SQLLoginModule successfully authenticates non-existent users

Posted by "Vamsavardhana Reddy (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/GERONIMO-3543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12536578 ] 

Vamsavardhana Reddy commented on GERONIMO-3543:
-----------------------------------------------

Completed: At revision: 587006  
 o Fixed the LoginModule to throw FailedLoginException for non-existent user
 o Added a test to detect regression

**: This commit can use a thorough review.

> SQLLoginModule successfully authenticates non-existent users
> ------------------------------------------------------------
>
>                 Key: GERONIMO-3543
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3543
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.0, 2.0.1, 2.0.2, 2.1
>            Reporter: Jarek Gawor
>            Assignee: Vamsavardhana Reddy
>            Priority: Critical
>             Fix For: 2.0.x, 2.1
>
>         Attachments: GERONIMO-3543.patch
>
>
> Authentication succeeds with SQLLoginModule if logging in with an username that does not exist in the database.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.