[jboss-jira] [JBoss JIRA] (AS7-4646) Management Console needs to support FORM authentication
Darran Lofthouse (JIRA)
jira-events at lists.jboss.org
Fri Apr 27 11:10:18 EDT 2012
[ https://issues.jboss.org/browse/AS7-4646?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12688402#comment-12688402 ]
Darran Lofthouse commented on AS7-4646:
---------------------------------------
Sorry, still not following you. What trade-off are you talking about in HTTP Digest? For both Basic authentication and Digest authentication it is a challenge-response authentication step; for FORM authentication you are now bringing in the need for maintaining session state to a stateless protocol and now introducing the risk of the various session fixation exploits out there.
> Management Console needs to support FORM authentication
> -------------------------------------------------------
>
> Key: AS7-4646
> URL: https://issues.jboss.org/browse/AS7-4646
> Project: Application Server 7
> Issue Type: Feature Request
> Components: Console
> Reporter: Jess Sightler
> Assignee: Jason Greene
> Labels: security
>
> Many clients have security requirements that disallow HTTP Basic authentication. HTTP Digest is also disallowed due to the requirement to store plaintext passwords on the server. HTTP Form based authentication would provide a much smoother experience for users and comply with client requirements.
--
This message is automatically generated by JIRA.