Alex O'Ree created JUDDI-559:
--------------------------------
Summary: Authentication Tokens do not expire
Key: JUDDI-559
URL: https://issues.apache.org/jira/browse/JUDDI-559
Project: jUDDI
Issue Type: Bug
Affects Versions: 3.1.4
Reporter: Alex O'Ree
Assignee: Kurt T Stam
This is a potential security vulnerability. Tokens issued by the Security API
do not expire. This increases the chances, if a token could be obtained through
a man-in-the-middle attack or through session hijacking, that the stolen token
could be used to impersonate the user.
Suggestion: assign tokens an expiration timestamp that is administrator
configurable. The default setting should be about 15 minutes.
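
One way to implement the expiration suggested in the report, as an added example that is not jUDDI's code and not part of the original message. `ExpiringTokenStore` and its methods are hypothetical names, the injected clock and its start date are constructed so that expiry can be exercised, and the 15-minute lifetime is the report's suggested default.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Supplier;
/** Hypothetical token store for illustration; not jUDDI's API. Requires Java 16+. */
public class ExpiringTokenStore {
    private record Entry(String user, Instant expiresAt) {}
    private final Map<String, Entry> tokens = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Duration lifetime;         // administrator-configurable setting
    private final Supplier<Instant> clock;   // injectable so expiry can be tested

    public ExpiringTokenStore(Duration lifetime, Supplier<Instant> clock) {
        if (lifetime.isZero() || lifetime.isNegative())
            throw new IllegalArgumentException("lifetime must be positive");
        this.lifetime = lifetime;
        this.clock = clock;
    }

    /** Issue an unguessable token stamped with an absolute expiry time. */
    public String issue(String user) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        tokens.put(token, new Entry(user, clock.get().plus(lifetime)));
        return token;
    }

    /** Return the token's user, or empty if the token is unknown or expired. */
    public Optional<String> validate(String token) {
        Entry e = tokens.get(token);
        if (e != null && clock.get().isBefore(e.expiresAt())) return Optional.of(e.user());
        tokens.remove(token);                // expired tokens are dropped server-side
        return Optional.empty();
    }

    public static void main(String[] args) {
        Instant[] now = { Instant.parse("2013-01-01T00:00:00Z") };  // constructed clock value
        ExpiringTokenStore store = new ExpiringTokenStore(Duration.ofMinutes(15), () -> now[0]);
        String token = store.issue("alice");                        // constructed user name
        System.out.println("fresh token valid: " + store.validate(token).isPresent());
        now[0] = now[0].plus(Duration.ofMinutes(16));               // move past the lifetime
        System.out.println("after 16 min valid: " + store.validate(token).isPresent());
    }
}
```

The expiry is checked on the server at every validation, so a token captured in transit stops working once its lifetime has passed regardless of what the client does with it.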