Colm O hEigeartaigh created ATLAS-1525:
------------------------------------------

             Summary: Don't return "Reason" on a 401
                 Key: ATLAS-1525
                 URL: https://issues.apache.org/jira/browse/ATLAS-1525
             Project: Atlas
          Issue Type: Bug
            Reporter: Colm O hEigeartaigh
             Fix For: 0.8-incubating


When authorization fails via the REST API, Atlas is returning the "Reason". 
This is definitely not good security practice, if not an outright security risk.

For example, on an unknown user it is returning "Reason: <pre>    Username not found.xxxx" and for an incorrect password "Reason: <pre>    Wrong password</pre>".

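A regression check for the behaviour reported above, as an added example that is not part of the original issue or of the Atlas code base: it audits 401 response bodies collected for different failure causes, flagging any body that exposes a "Reason" block and any difference between bodies that would let a client tell an unknown user from a wrong password. The sample bodies are constructed from the strings quoted in the report; the surrounding HTML and the function names are assumptions.

```python
import re
from html import unescape

# Constructed sample 401 bodies modelled on the strings quoted in the report;
# the surrounding HTML is an assumption, not captured Atlas output.
BEFORE = {
    "unknown_user": "<h2>HTTP ERROR 401</h2><p>Reason:\n<pre>    Username not found.</pre></p>",
    "wrong_password": "<h2>HTTP ERROR 401</h2><p>Reason:\n<pre>    Wrong password</pre></p>",
}
AFTER = {
    "unknown_user": "<h2>HTTP ERROR 401</h2>",
    "wrong_password": "<h2>HTTP ERROR 401</h2>",
}

# Matches 'Reason: <pre> ... </pre>' and tolerates a missing closing tag.
REASON_RE = re.compile(r"Reason:\s*<pre>\s*(.*?)\s*(?:</pre>|$)", re.I | re.S)


def extract_reason(body):
    """Return the text of a 'Reason: <pre>...' block, or None if absent."""
    match = REASON_RE.search(body)
    return unescape(match.group(1)) if match else None


def audit_401_bodies(bodies):
    """Check 401 bodies from different failure causes for information leaks.

    bodies maps a failure scenario name to the response body it produced.
    Returns a list of findings; an empty list means the responses are uniform.
    """
    findings = []
    for scenario, body in sorted(bodies.items()):
        reason = extract_reason(body)
        if reason:
            findings.append(f"{scenario}: body exposes reason {reason!r}")
    # Whitespace-insensitive comparison: any remaining difference is an oracle.
    normalized = {re.sub(r"\s+", " ", body).strip() for body in bodies.values()}
    if len(normalized) > 1:
        findings.append("bodies differ between failure causes (user enumeration oracle)")
    return findings


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_401_bodies(sample) or "uniform")
```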