Posted to dev@shindig.apache.org by "Kevin Brown (JIRA)" <ji...@apache.org> on 2008/05/03 01:08:55 UTC
[jira] Closed: (SHINDIG-211) signed fetcher too paranoid
[ https://issues.apache.org/jira/browse/SHINDIG-211?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kevin Brown closed SHINDIG-211.
-------------------------------
Resolution: Fixed
Applied. Thank you!
> signed fetcher too paranoid
> ---------------------------
>
> Key: SHINDIG-211
> URL: https://issues.apache.org/jira/browse/SHINDIG-211
> Project: Shindig
> Issue Type: Bug
> Reporter: Brian Eaton
> Attachments: signed-fetch-legal-chars.patch
>
>
> Symptom: somebody complains that their makeRequest doesn't verify properly or that parameters are missing.
> Root cause: SigningFetcher is overly paranoid about signing parameters with weird characters in the names.
> Source of confusion: Instead of throwing an exception when it can't sign a message, SigningFetcher either removes the invalid parameter entirely (query string) or leaves the parameter out of the signature base string (post body).
> I've made SigningFetcher less paranoid, and also made it throw exceptions early on if a request contains invalid query or post parameters.
> Some subset of requests that used to "work" with invalid signatures or missing parameters will now fail. Early/obvious failures are better than late/subtle ones.
--
This message is automatically generated by JIRA.
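The two old failure modes described in the issue, next to the fail-early behaviour, as an added example (not Shindig's code and not part of the original message). The name allow-list `NAME_OK`, the parameter names, the key and the URL are constructed assumptions; HMAC-SHA1 over an OAuth 1.0 style base string is used here only because it is in the standard library.

```python
import base64, hashlib, hmac, re
from urllib.parse import quote

# Hypothetical allow-list for parameter names; the page does not state the real rule.
NAME_OK = re.compile(r"^[A-Za-z0-9_.\-]+$")

def enc(s):
    # OAuth 1.0 percent-encoding: only unreserved characters stay literal.
    return quote(s, safe="~")

def base_string(method, url, params):
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def sign(method, url, params, key):
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def lenient_post(url, params, key):
    """Old post-body case: send every parameter, sign only the 'safe' names."""
    signed = {k: v for k, v in params.items() if NAME_OK.match(k)}
    return dict(params), sign("POST", url, signed, key)

def lenient_get(url, params, key):
    """Old query-string case: drop 'unsafe' names from the request entirely."""
    kept = {k: v for k, v in params.items() if NAME_OK.match(k)}
    return kept, sign("GET", url, kept, key)

def strict_post(url, params, key):
    """Fail early instead of emitting a request that cannot verify."""
    bad = sorted(k for k in params if not NAME_OK.match(k))
    if bad:
        raise ValueError(f"cannot sign parameter names: {bad}")
    return dict(params), sign("POST", url, params, key)

def receiver_verifies(method, url, received, signature, key):
    # The receiving server signs every parameter it actually received.
    return hmac.compare_digest(sign(method, url, received, key), signature)

if __name__ == "__main__":
    KEY, URL = b"constructed-demo-key", "http://example.org/api"  # constructed
    PARAMS = {"viewer_id": "1234", "tag[]": "news"}               # constructed
    sent, sig = lenient_post(URL, PARAMS, KEY)
    print("POST verifies:", receiver_verifies("POST", URL, sent, sig, KEY))
    sent, sig = lenient_get(URL, PARAMS, KEY)
    print("GET verifies:", receiver_verifies("GET", URL, sent, sig, KEY), "sent:", sent)
```

The POST case reproduces "doesn't verify properly" and the GET case reproduces "parameters are missing"; `strict_post` surfaces the same input as an immediate error.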