I think the payload size is probably not an issue in the vast majority 
of the use cases, so a simple cosign setting for the max size of all the 
post variables would be sufficient.  But yes, it would require some thought.

Chris



On 2014-07-09 13:39, Mark Montague wrote:
> On 2014-07-09, 16:23, Chris Hecker wrote:
>> I would think the current post could be stuffed into the post_error.html
>> page (or its replacement) when it's generated, then carried across to
>> the login page, and then reposted, so it wouldn't require javascript at
>> all. I haven't thought about it too much, though.
>
> That could work.
>
> But keep in mind that the user would upload the data to the central
> weblogin server when they were redirected there, then the data would be
> downloaded in the login page, uploaded again when the user submitted the
> login page -- and this download/upload/download cycle would repeat
> each time the user had an authentication error such as a mistyped
> password -- and then downloaded again to the user's browser when the
> user was redirected back to the cosign-protected web server, and then
> finally uploaded to the cosign-protected web server (assuming that the
> web server didn't bounce them back again to satisfy an additional factor
> or for some other reason).
>
> Now imagine that the message the user was adding to the forum thread that
> triggered the reauthentication event included a 100 MB video attachment
> and that the user was on a slow broadband connection at home.
>
> I do think that this problem might be solvable, I just wanted to point
> out that the solution should be carefully designed -- I think there are
> a number of "interesting" edge cases and issues that would have to be
> considered.
>
> In the meantime, individual institutions that use cosign could modify
> their post_error.html to include a link to Lazarus and similar browser
> plugins so that the user could install one and avoid the loss next time.
>

_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss