Posted to dev@shindig.apache.org by "Rajdeep Dua (JIRA)" <ji...@apache.org> on 2008/08/07 21:18:46 UTC
[jira] Created: (SHINDIG-498) Invalid security token accepted by REST Endpoint
Invalid security token accepted by REST Endpoint
------------------------------------------------
Key: SHINDIG-498
URL: https://issues.apache.org/jira/browse/SHINDIG-498
Project: Shindig
Issue Type: Bug
Components: RESTful API (Java)
Environment: All
Reporter: Rajdeep Dua
st=a:a:a:a:a:a
is accepted as a valid security token
Complete URL :
http://localhost:8080/social/rest/people/john.doe/@self?format=atom&st=a:a:a:a:a:a
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
Re: [jira] Commented: (SHINDIG-498) Invalid security token accepted by REST Endpoint
Posted by Ropu <ro...@gmail.com>.
In PHP we have a setting in the config that enables/disables plain text sec Tokens
ropu
On Thu, Aug 7, 2008 at 9:40 PM, Rajdeep Dua (JIRA) <ji...@apache.org> wrote:
>
> [
> https://issues.apache.org/jira/browse/SHINDIG-498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12620741#action_12620741]
>
> Rajdeep Dua commented on SHINDIG-498:
> -------------------------------------
>
> This can be pretty dangerous unless it is explicitly stated that social
> networks need to change this.
> Suggestion : Issue a WARNING while starting shindig that the security
> token decoder needs to be modified.
>
> > Invalid security token accepted by REST Endpoint
> > ------------------------------------------------
> >
> > Key: SHINDIG-498
> > URL: https://issues.apache.org/jira/browse/SHINDIG-498
> > Project: Shindig
> > Issue Type: Bug
> > Components: RESTful API (Java)
> > Environment: All
> > Reporter: Rajdeep Dua
> >
> > st=a:a:a:a:a:a
> > is accepted as a valid security token
> > Complete URL :
> >
> http://localhost:8080/social/rest/people/john.doe/@self?format=atom&st=a:a:a:a:a:a
>
> --
> This message is automatically generated by JIRA.
> -
> You can reply to this email to add a comment to the issue online.
>
>
--
.-. --- .--. ..-
R o p u
[jira] Commented: (SHINDIG-498) Invalid security token accepted by REST Endpoint
Posted by "Cassie Doll (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHINDIG-498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12620737#action_12620737 ]
Cassie Doll commented on SHINDIG-498:
-------------------------------------
With the default security token decoder this token is perfectly valid. Real social networks should implement their own decoder, which can be a little more sophisticated by validating userIds, appIds and whatnot.
> Invalid security token accepted by REST Endpoint
> ------------------------------------------------
>
> Key: SHINDIG-498
> URL: https://issues.apache.org/jira/browse/SHINDIG-498
> Project: Shindig
> Issue Type: Bug
> Components: RESTful API (Java)
> Environment: All
> Reporter: Rajdeep Dua
>
> st=a:a:a:a:a:a
> is accepted as a valid security token
> Complete URL :
> http://localhost:8080/social/rest/people/john.doe/@self?format=atom&st=a:a:a:a:a:a
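Added example (not part of the original thread and not Shindig's code): a Java sketch of the difference discussed above between a decoder that accepts any six colon-separated fields, such as st=a:a:a:a:a:a, and one that trusts the fields only when they carry a valid HMAC. The class and method names, the demo key, the sample field values and the appended-MAC token layout are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Illustration only: hypothetical names, not Shindig's decoder API.
public class TokenDecoderDemo {
    // Permissive behaviour as reported in the issue: any six colon-separated
    // fields pass, so the caller chooses every identity the token claims.
    static String[] decodePlain(String st) {
        String[] f = st.split(":", -1);
        if (f.length != 6) throw new IllegalArgumentException("malformed token");
        return f;
    }

    static String mac(byte[] key, String payload) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(key, "HmacSHA256"));
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(m.doFinal(payload.getBytes(StandardCharsets.UTF_8)));
    }

    // Container side: append a MAC over the six fields (assumed layout).
    static String issue(byte[] key, String sixFields) throws Exception {
        return sixFields + ":" + mac(key, sixFields);
    }

    // Stricter decoder: the fields are trusted only if the MAC verifies.
    static String[] decodeSigned(byte[] key, String st) throws Exception {
        int cut = st.lastIndexOf(':');
        if (cut < 0) throw new SecurityException("missing MAC");
        String payload = st.substring(0, cut);
        byte[] expected = mac(key, payload).getBytes(StandardCharsets.UTF_8);
        byte[] given = st.substring(cut + 1).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, given)) throw new SecurityException("bad MAC");
        return decodePlain(payload);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // constructed
        System.out.println("plain accepts a:a:a:a:a:a: " + (decodePlain("a:a:a:a:a:a").length == 6));
        String good = issue(key, "john.doe:john.doe:app1:example.org:url:0"); // constructed fields
        System.out.println("signed accepts issued token: " + (decodeSigned(key, good).length == 6));
        try { decodeSigned(key, "a:a:a:a:a:a"); }
        catch (SecurityException e) { System.out.println("signed rejects a:a:a:a:a:a: " + e.getMessage()); }
    }
}
```

A production decoder would also bind an issue time or expiry into the signed payload and encode field values so they cannot contain the separator.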
[jira] Commented: (SHINDIG-498) Invalid security token accepted by REST Endpoint
Posted by "Rajdeep Dua (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHINDIG-498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12620741#action_12620741 ]
Rajdeep Dua commented on SHINDIG-498:
-------------------------------------
This can be pretty dangerous unless it is explicitly stated that social networks need to change this.
Suggestion : Issue a WARNING while starting shindig that the security token decoder needs to be modified.
> Invalid security token accepted by REST Endpoint
> ------------------------------------------------
>
> Key: SHINDIG-498
> URL: https://issues.apache.org/jira/browse/SHINDIG-498
> Project: Shindig
> Issue Type: Bug
> Components: RESTful API (Java)
> Environment: All
> Reporter: Rajdeep Dua
>
> st=a:a:a:a:a:a
> is accepted as a valid security token
> Complete URL :
> http://localhost:8080/social/rest/people/john.doe/@self?format=atom&st=a:a:a:a:a:a
[jira] Resolved: (SHINDIG-498) Invalid security token accepted by REST Endpoint
Posted by "Paul Lindner (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHINDIG-498?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paul Lindner resolved SHINDIG-498.
----------------------------------
Resolution: Won't Fix
won't fix.
> Invalid security token accepted by REST Endpoint
> ------------------------------------------------
>
> Key: SHINDIG-498
> URL: https://issues.apache.org/jira/browse/SHINDIG-498
> Project: Shindig
> Issue Type: Bug
> Components: RESTful API (Java)
> Environment: All
> Reporter: Rajdeep Dua
>
> st=a:a:a:a:a:a
> is accepted as a valid security token
> Complete URL :
> http://localhost:8080/social/rest/people/john.doe/@self?format=atom&st=a:a:a:a:a:a