Posted to dev@clerezza.apache.org by Reto Bachmann-Gmuer <re...@trialox.org> on 2011/05/10 15:08:27 UTC

logging in with undereferenceable webid

Hello

I've just noticed that I can log in to a clerezza instance even when my
webid cannot be dereferenced, a local cache graph of size 0 is created.

Login used to be possible only with a valid WebId so this is a clear
regression. @Henry, I assume this is related to one of your recent changes
(in CLEREZZA-479), could you roll them back in trunk and move them to an
issue branch as long as the problems aren't fixed so this is not an impediment
to release.

Cheers,
Reto

Re: logging in with undereferenceable webid

Posted by Henry Story <he...@bblfish.net>.
On 10 May 2011, at 16:27, Henry Story wrote:

> 
> On 10 May 2011, at 15:08, Reto Bachmann-Gmuer wrote:
> 
>> Hello
>> 
>> I've just noticed that I can log in to a clerezza instance even when my webid cannot be dereferenced, a local cache graph of size 0 is created.
> 
> Can you detail how this login happens? Do you use a browser?
> 
> Perhaps it is simply that you have a cookie set, and that you logged in with your cookie?

What does the test suite tell you, if you go to /test/WebID on your installation after having installed it

with 

:f install mvn:org.apache.clerezza/platform.security.foafssl.core/0.1-incubating-SNAPSHOT



> 
> Henry
> 
>> 
>> Login used to be possible only with a valid WebId so this is a clear regression. @Henry, I assume this is related to one of your recent changes (in CLEREZZA-479), could you roll them back in trunk and move them to an issue branch as long as the problems aren't fixed so this is not an impediment to release.
>> 
>> Cheers,
>> Reto
> 
> Social Web Architect
> http://bblfish.net/
> 

Social Web Architect
http://bblfish.net/


Re: logging in with undereferenceable webid

Posted by Henry Story <he...@bblfish.net>.
On 10 May 2011, at 15:08, Reto Bachmann-Gmuer wrote:

> Hello
> 
> I've just noticed that I can log in to a clerezza instance even when my webid cannot be dereferenced, a local cache graph of size 0 is created.

Can you detail how this login happens? Do you use a browser?

Perhaps it is simply that you have a cookie set, and that you logged in with your cookie?

Henry

> 
> Login used to be possible only with a valid WebId so this is a clear regression. @Henry, I assume this is related to one of your recent changes (in CLEREZZA-479), could you roll them back in trunk and move them to an issue branch as long as the problems aren't fixed so this is not an impediment to release.
> 
> Cheers,
> Reto

Social Web Architect
http://bblfish.net/


Re: logging in with undereferenceable webid

Posted by Henry Story <he...@bblfish.net>.
On 10 May 2011, at 16:12, Reto Bachmann-Gmuer wrote:

> Ok, I've checked it out with the version of 2011-03-31, i.e. before the
> first commit in ZZ-479, there I correctly fail to log in with a WebId that
> cannot be dereferenced. Is there any other issue affecting the relevant code
> in this period?
> 
> I think we should make sure that patches to issues provide an actual
> improvement, rather than accept regressions and open new issues against
> them.

This is an improvement, since it is what will allow automated testing of
the whole thing. 

If you are so keen on security, please allow me to think about it and fix it,
and I'd suggest removing the Apache Felix Web Management Console which has a 
different admin password than the main admin - so you told me - and which is 
bound to leave a back door in every Clerezza installation. That seems easy to
fix.

	Henry



> 
> It's certainly a problem of having such big issues, once closed the patch of
> an issue is considered as accepted after 3 days, in this case a new issue
> would have to be raised.
> 
> Reto
> 
> On Tue, May 10, 2011 at 3:20 PM, Henry Story <he...@bblfish.net> wrote:
> 
>> 
>> On 10 May 2011, at 15:08, Reto Bachmann-Gmuer wrote:
>> 
>>> Hello
>>> 
>>> I've just noticed that I can log in to a clerezza instance even when my
>> webid cannot be dereferenced, a local cache graph of size 0 is created.
>> 
>> Ok, that's a bug. Thanks for noticing.
>> 
>>> Login used to be possible only with a valid WebId so this is a clear
>> regression. @Henry, I assume this is related to one of your recent changes
>> (in CLEREZZA-479), could you roll them back in trunk and move them to an
>> issue branch as long as the problems aren't fixed so this is not an impediment
>> to release.
>> 
>> Why do you assume that? I don't see why rolling back would not create more
>> problems than just fixing this one. Why don't you just log a bug report and
>> assign it to me. I'll try to fix it immediately.
>> 
>> Henry
>> 
>> 
>>> 
>>> Cheers,
>>> Reto
>> 
>> Social Web Architect
>> http://bblfish.net/
>> 
>> 

Social Web Architect
http://bblfish.net/


Re: logging in with undereferenceable webid

Posted by Reto Bachmann-Gmuer <re...@trialox.org>.
Ok, I've checked it out with the version of 2011-03-31, i.e. before the
first commit in ZZ-479, there I correctly fail to log in with a WebId that
cannot be dereferenced. Is there any other issue affecting the relevant code
in this period?

I think we should make sure that patches to issues provide an actual
improvement, rather than accept regressions and open new issues against
them.

It's certainly a problem of having such big issues, once closed the patch of
an issue is considered as accepted after 3 days, in this case a new issue
would have to be raised.

Reto

On Tue, May 10, 2011 at 3:20 PM, Henry Story <he...@bblfish.net> wrote:

>
> On 10 May 2011, at 15:08, Reto Bachmann-Gmuer wrote:
>
> > Hello
> >
> > I've just noticed that I can log in to a clerezza instance even when my
> webid cannot be dereferenced, a local cache graph of size 0 is created.
>
> Ok, that's a bug. Thanks for noticing.
>
> > Login used to be possible only with a valid WebId so this is a clear
> regression. @Henry, I assume this is related to one of your recent changes
> (in CLEREZZA-479), could you roll them back in trunk and move them to an
> issue branch as long as the problems aren't fixed so this is not an impediment
> to release.
>
> Why do you assume that? I don't see why rolling back would not create more
> problems than just fixing this one. Why don't you just log a bug report and
> assign it to me. I'll try to fix it immediately.
>
> Henry
>
>
> >
> > Cheers,
> > Reto
>
> Social Web Architect
> http://bblfish.net/
>
>

Re: logging in with undereferenceable webid

Posted by Henry Story <he...@bblfish.net>.
On 10 May 2011, at 15:08, Reto Bachmann-Gmuer wrote:

> Hello
> 
> I've just noticed that I can log in to a clerezza instance even when my webid cannot be dereferenced, a local cache graph of size 0 is created.

Ok, that's a bug. Thanks for noticing.

> Login used to be possible only with a valid WebId so this is a clear regression. @Henry, I assume this is related to one of your recent changes (in CLEREZZA-479), could you roll them back in trunk and move them to an issue branch as long as the problems aren't fixed so this is not an impediment to release.

Why do you assume that? I don't see why rolling back would not create more problems than just fixing this one. Why don't you just log a bug report and assign it to me. I'll try to fix it immediately.

Henry


> 
> Cheers,
> Reto

Social Web Architect
http://bblfish.net/
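
Added example, not part of the thread and not Clerezza's code: a fail-closed form of the WebID (FOAF+SSL) check the thread is about, where a profile that cannot be dereferenced, or that comes back as a graph of size 0, rejects the login instead of letting it through. All class, method and URL names are hypothetical, the profile graph is reduced to a list of key claims, and the sample data is constructed.

```java
import java.io.IOException;
import java.util.List;

// Added illustration; every name here is hypothetical, none is Clerezza API.
public class WebIdCheck {
    // One public-key statement found in a WebID profile graph.
    record KeyClaim(String webId, String modulusHex, String exponent) {}

    // Stand-in for the HTTP dereferencer; throws when the profile is unreachable.
    interface ProfileFetcher {
        List<KeyClaim> fetch(String webId) throws IOException;
    }

    // Accept only when the dereferenced profile lists the certificate's key.
    static boolean verify(String webId, String modulusHex, String exponent,
                          ProfileFetcher fetcher) {
        List<KeyClaim> graph;
        try {
            graph = fetcher.fetch(webId);
        } catch (IOException e) {
            return false; // undereferenceable WebID: reject, cache nothing
        }
        if (graph == null || graph.isEmpty()) {
            return false; // a graph of size 0 says nothing about the key
        }
        return graph.stream().anyMatch(k -> k.webId().equals(webId)
                && k.modulusHex().equalsIgnoreCase(modulusHex)
                && k.exponent().equals(exponent));
    }

    public static void main(String[] args) {
        // Constructed sample data: one reachable profile, everything else fails.
        String alice = "https://alice.example/profile#me";
        String empty = "https://empty.example/card#me";
        ProfileFetcher fetcher = id -> {
            if (id.equals(alice)) {
                return List.of(new KeyClaim(alice, "00c0ffee", "65537"));
            }
            if (id.equals(empty)) {
                return List.of(); // server answered, but with no triples
            }
            throw new IOException("cannot dereference " + id);
        };
        System.out.println(verify(alice, "00C0FFEE", "65537", fetcher));
        System.out.println(verify(alice, "deadbeef", "65537", fetcher));
        System.out.println(verify(empty, "00c0ffee", "65537", fetcher));
        System.out.println(verify("https://gone.example/card#me", "00c0ffee", "65537", fetcher));
    }
}
```

A regression test for the behaviour reported here would assert that the last two calls return false, since those are the undereferenceable and empty-graph cases.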