[keycloak-user] Management of compromising bug tickets

Brian Watson watson409 at gmail.com
Wed May 25 19:23:27 EDT 2016


Hey all,

I love the fact that your backlog is very transparent, and that I can see a
list of all tasks completed for a given release.

However, I was wondering how you handle tasks for compromising bugs? For
instance, one could look in the backlog for a bug that states "If you send
'123' to the master realm token endpoint at precisely 6:59am on a Tuesday,
and you will be granted an admin token! Please Fix!", and use that
information to gain access to the systems of those using Keycloak.

Thank you in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160525/dfe6f680/attachment.html 


More information about the keycloak-user mailing list