[jboss-jira] [JBoss JIRA] (SECURITY-651) auditing is inconsistent: it filters out "authorization" header but does not filter out the "j_password" form field parameter
Tom Fonteyne (JIRA)
jira-events at lists.jboss.org
Tue Mar 13 06:21:47 EDT 2012
[ https://issues.jboss.org/browse/SECURITY-651?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tom Fonteyne deleted SECURITY-651:
----------------------------------
> auditing is inconsistent: it filters out "authorization" header but does not filter out the "j_password" form field parameter
> -----------------------------------------------------------------------------------------------------------------------------
>
> Key: SECURITY-651
> URL: https://issues.jboss.org/browse/SECURITY-651
> Project: PicketBox (JBoss Security and Identity Management)
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Environment: all
> Reporter: Tom Fonteyne
> Assignee: Tom Fonteyne
> Priority: Minor
>
> auditing is inconsistent: it filters out "authorization" header but does not filter out the "j_password" form field parameter
> This got fixed in SECURITY-650 for the class:
> jbosssx/ src/ main/ java/ org/ jboss/ security/ authorization/ resources/ WebResource.java
> Also needs fixing in:
> org/ jboss/ web/ tomcat/ security/ WebUtil.java
> which is a (broken) copy of the former class method
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list