[
https://issues.apache.org/jira/browse/NETBEANS-3242?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matthias Bläsing closed NETBEANS-3242.
--------------------------------------
With the change from [https://github.com/apache/netbeans-tools/pull/14] the
token, that is issued by google, is verified and only the verified email
information is used. Thank you.
> Security flaw in pluginportal's google sign on
> ----------------------------------------------
>
> Key: NETBEANS-3242
> URL: https://issues.apache.org/jira/browse/NETBEANS-3242
> Project: NetBeans
> Issue Type: Bug
> Components: updatecenters - Pluginportal
> Affects Versions: 3.0
> Reporter: Jan Pirek
> Assignee: Jan Pirek
> Priority: Major
> Fix For: 3.0
>
>
> Login process should work with google auth token and backend controller
> should verify and extract user from token insteas of passed value from client
> js part of the login which can be altered.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
