[JBoss JIRA] (SECURITY-651) auditing is inconsistent: it filters out "authorization" header but does not filter out the "j_password" form field parameter

Tuesday, 13 March 2012

     [
https://issues.jboss.org/browse/SECURITY-651?page=com.atlassian.jira.plug...
]

Tom Fonteyne deleted SECURITY-651:
----------------------------------

...
 auditing is inconsistent: it filters out "authorization"
header but does not filter out the "j_password" form field parameter

-----------------------------------------------------------------------------------------------------------------------------

                 Key: SECURITY-651
                 URL: https://issues.jboss.org/browse/SECURITY-651
             Project: PicketBox (JBoss Security and Identity Management)
          Issue Type: Bug
      Security Level: Public(Everyone can see) 
         Environment: all
            Reporter: Tom Fonteyne
            Assignee: Tom Fonteyne
            Priority: Minor

 auditing is inconsistent: it filters out "authorization" header but does not
filter out the "j_password" form field parameter
 This got fixed in SECURITY-650 for the class:
 jbosssx/ src/ main/ java/ org/ jboss/ security/ authorization/ resources/
WebResource.java
 Also needs fixing in:
 org/ jboss/ web/ tomcat/ security/ WebUtil.java
 which is a (broken) copy of the former class method 
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006