[jboss-jira] [JBoss JIRA] (JGRP-1661) AUTH bypasses join requests without auth_headers
Bela Ban (JIRA)
jira-events at lists.jboss.org
Thu Jul 18 16:41:26 EDT 2013
[ https://issues.jboss.org/browse/JGRP-1661?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bela Ban updated JGRP-1661:
---------------------------
Fix Version/s: 3.3.4
3.4
> AUTH bypasses join requests without auth_headers
> ------------------------------------------------
>
> Key: JGRP-1661
> URL: https://issues.jboss.org/browse/JGRP-1661
> Project: JGroups
> Issue Type: Bug
> Affects Versions: 3.3.3
> Reporter: Sergey Tumashov
> Assignee: Bela Ban
> Fix For: 3.3.4, 3.4
>
>
> The cluster coordinator allows new members to join the cluster if their join requests do not contain auth headers.
> A simple test case would involve two nodes. One node should be configured to use a protocol stack with AUTH. The other node should use the same stack but with AUTH excluded. The node that uses AUTH needs to be brought up first so it can become cluster coordinator. The second node will now successfully join the cluster even though it does not send any auth tokens along with its join requests.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list