You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shindig.apache.org by "Kevin Brown (JIRA)" <ji...@apache.org> on 2008/05/03 01:08:55 UTC

[jira] Closed: (SHINDIG-211) signed fetcher too paranoid

     [ https://issues.apache.org/jira/browse/SHINDIG-211?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kevin Brown closed SHINDIG-211.
-------------------------------

    Resolution: Fixed

Applied. Thank you!

> signed fetcher too paranoid
> ---------------------------
>
>                 Key: SHINDIG-211
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-211
>             Project: Shindig
>          Issue Type: Bug
>            Reporter: Brian Eaton
>         Attachments: signed-fetch-legal-chars.patch
>
>
> Symptom: somebody complains that their makeRequest doesn't verify properly or that parameters are missing.
> Root cause: SigningFetcher is overly paranoid about signing parameters with weird characters in the names.
> Source of confusion: Instead of throwing an exception when it can't sign a message, SigningFetcher either removes the invalid parameter entirely (query string) or leaves the parameter out of the signature base string (post body).
> I've made SigningFetcher less paranoid, and also made it throw exceptions early on if a request contains invalid query or post parameters.
> Some subset of requests that used to "work" with invalid signatures or missing parameters will now fail.  Early/obvious failures are better than late/subtle ones.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.