Posted to commits@netbeans.apache.org by "Matthias Bläsing (Jira)" <ji...@apache.org> on 2019/10/18 18:01:00 UTC

[jira] [Closed] (NETBEANS-3242) Security flaw in pluginportal's google sign on

     [ https://issues.apache.org/jira/browse/NETBEANS-3242?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Matthias Bläsing closed NETBEANS-3242.
--------------------------------------

With the change from [https://github.com/apache/netbeans-tools/pull/14], the token that is issued by Google is verified and only the verified email information is used. Thank you.

> Security flaw in pluginportal's google sign on
> ----------------------------------------------
>
>                 Key: NETBEANS-3242
>                 URL: https://issues.apache.org/jira/browse/NETBEANS-3242
>             Project: NetBeans
>          Issue Type: Bug
>          Components: updatecenters - Pluginportal
>    Affects Versions: 3.0
>            Reporter: Jan Pirek
>            Assignee: Jan Pirek
>            Priority: Major
>             Fix For: 3.0
>
>
> Login process should work with Google auth token, and backend controller should verify and extract user from token instead of passed value from client JS part of the login, which can be altered.



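The check the issue asks for, as an added example that is not the code from the pull request: the backend takes the user's identity only from a signed token and ignores the e-mail field posted by the client JS. Assumptions: `CLIENT_ID`, `DEMO_KEY`, the form field names and all function names are hypothetical, and an HMAC (HS256) signature with a constructed key stands in for the provider's public-key signature check so the sketch runs offline.

```python
import base64, hashlib, hmac, json, time

# Constructed values for this sketch; none of them come from the issue.
CLIENT_ID = "example-client-id.apps.googleusercontent.com"
ISSUERS = {"accounts.google.com", "https://accounts.google.com"}
DEMO_KEY = b"constructed-demo-key"  # HS256 stand-in for the provider's RS256 keys

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims, key=DEMO_KEY):
    """Build a constructed sample token (plays the identity provider)."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def verified_email(token, now=None):
    """Return the e-mail claim of a valid token, or None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64d(head)).get("alg") != "HS256":  # pin the algorithm
            return None
        want = hmac.new(DEMO_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, _b64d(sig)):
            return None
        c = json.loads(_b64d(body))
    except (ValueError, TypeError, AttributeError):
        return None
    now = time.time() if now is None else now
    if not isinstance(c, dict) or c.get("iss") not in ISSUERS:
        return None
    if c.get("aud") != CLIENT_ID:  # token must have been issued for this app
        return None
    if not isinstance(c.get("exp"), (int, float)) or c["exp"] <= now:
        return None
    # Only an address the provider marks as verified becomes the identity.
    if c.get("email_verified") is not True or not isinstance(c.get("email"), str):
        return None
    return c["email"]

def login(form):
    """Backend handler: the client-sent 'email' field is deliberately ignored."""
    return verified_email(form.get("id_token"))
```

A production backend would replace the HMAC comparison with verification against the identity provider's published signing keys, keeping the issuer, audience, expiry and `email_verified` checks.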