[
https://issues.jboss.org/browse/AS7-4623?page=com.atlassian.jira.plugin.s...
]
Jason Greene commented on AS7-4623:
-----------------------------------
What darren is referring to is that form auth requires sending passwords in the clear, so
without SSL by default (which we dont do out of the box since that requires certs be
configured), then our out of the box mechanism would be sending passwords in the clear the
second they change the management bind address to a public interface.
LogoutHandler.java misspells the referer header
-----------------------------------------------
Key: AS7-4623
URL:
https://issues.jboss.org/browse/AS7-4623
Project: Application Server 7
Issue Type: Bug
Components: Domain Management
Reporter: Jess Sightler
Assignee: Jason Greene
Original code is:
String referrer = responseHeaders.getFirst("Referrer");
But the HTTP Referer header is actually spelled "Referer". Pull request with
fix is here:
https://github.com/jbossas/jboss-as/pull/2139
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see:
http://www.atlassian.com/software/jira