On Wed, Sep 5, 2012 at 12:22 PM, Prabath Siriwardena <[email protected]> wrote:

>
>
> On Wed, Sep 5, 2012 at 12:22 PM, Hasini Gunasinghe <[email protected]> wrote:
>
>>
>>
>> On Wed, Sep 5, 2012 at 12:04 PM, Afkham Azeez <[email protected]> wrote:
>>
>>>
>>>
>>> On Wed, Sep 5, 2012 at 2:13 AM, Senaka Fernando <[email protected]> wrote:
>>>
>>>> Hi all,
>>>>
>>>> Right now I can log in as admin/admin and also [email protected]/admin.
>>>> Is this proper behavior?
>>>>
>>>
>>> :) You have discovered an easter egg in Carbon :) If a user tries to
>>> log in as [email protected] we should throw an authentication failure.
>>>
>>
>
>>
>> Even with correct admin credentials?
>>
>
> Yes.. what is the risk here..?
>

It can cause downstream logic to fail. Besides "carbon.super" & tenant ID
of -1234 are internal details which we don't expose. We may decide to
change super tenant name to "super.duper.dude" in the future because we
came up with that as an internal implementation detail. But if some clients
start relying on "carbon.super" & -1234, then external parties will get
affected. So, we should not allow or encourage others to use these when
they call into Carbon. So, we put a stop to it then and there by throwing
an authentication exception.


>
> Thanks & regards,
> -Prabath
>
>
>> I too have tried this before and I do not see why we should throw an
>> authentication failure.. Maybe I have missed some aspect.. Would
>> appreciate more insight on what is the risk here...
>>
>> Thanks,
>> Hasini.
>>
>>> Can we get this fixed soon? Should be a simple fix.
>>>
>>>
>>>>
>>>> If it is proper, some UIs are not rendering properly when I log in as
>>>> "[email protected]". For example, half of "admin/index.jsp" is gone.
>>>>
>>>> Thanks,
>>>> Senaka.
>>>>
>>>> --
>>>> Senaka Fernando
>>>> Member - Integration Technologies Management Committee;
>>>> Technical Lead; WSO2 Inc.; http://wso2.com
>>>> Member; Apache Software Foundation; http://apache.org
>>>>
>>>> E-mail: senaka AT wso2.com
>>>> P: +1 408 754 7388; ext: 51736; M: +94 77 322 1818
>>>> Linked-In: http://linkedin.com/in/senakafernando
>>>>
>>>> Lean . Enterprise . Middleware
>>>>
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> [email protected]
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>> Afkham Azeez
>>> Director of Architecture; WSO2, Inc.; http://wso2.com
>>> Member; Apache Software Foundation; http://www.apache.org/
>>> email: [email protected] cell: +94 77 3320919
>>> blog: http://blog.afkham.org
>>> twitter: http://twitter.com/afkham_azeez
>>> linked-in: http://lk.linkedin.com/in/afkhamazeez
>>>
>>> *Lean . Enterprise . Middleware*
>>>
>>>
>>
>
>
> --
> Thanks & Regards,
> Prabath
>
> Mobile : +94 71 809 6732
>
> http://blog.facilelogin.com
> http://RampartFAQ.com
>
>


-- 
Afkham Azeez
Director of Architecture; WSO2, Inc.; http://wso2.com
Member; Apache Software Foundation; http://www.apache.org/
email: [email protected] cell: +94 77 3320919
blog: http://blog.afkham.org
twitter: http://twitter.com/afkham_azeez
linked-in: http://lk.linkedin.com/in/afkhamazeez
*Lean . Enterprise . Middleware*
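
A sketch of the check proposed in this thread, as an added example that is not part of the original messages and is not WSO2 Carbon code: a login name qualified with the internal super-tenant domain is rejected before credentials are looked at. Class and method names are hypothetical, and the `user@tenant-domain` format with a case-insensitive domain is an assumption.

```java
import java.util.Locale;
import java.util.function.BiPredicate;

// Added illustration, not WSO2 Carbon code: every class and method name here is hypothetical.
public class SuperTenantLoginGuard {
    // Internal name quoted in the thread; it must never be accepted from a caller.
    static final String INTERNAL_SUPER_TENANT = "carbon.super";

    static class AuthenticationFailure extends Exception {
        AuthenticationFailure() { super("authentication failed"); } // one generic message for every cause
    }

    // tenantDomain is null for a super-tenant user who logs in with a bare name such as "admin".
    record Login(String user, String tenantDomain) {}

    // Assumption: the text after the last '@' is the tenant domain, compared case-insensitively.
    static Login parse(String loginName) throws AuthenticationFailure {
        if (loginName == null || loginName.isBlank()) throw new AuthenticationFailure();
        String name = loginName.trim();
        int at = name.lastIndexOf('@');
        if (at < 0) return new Login(name, null);
        String user = name.substring(0, at);
        String domain = name.substring(at + 1).toLowerCase(Locale.ROOT);
        if (user.isEmpty() || domain.isEmpty()) throw new AuthenticationFailure();
        if (domain.equals(INTERNAL_SUPER_TENANT)) throw new AuthenticationFailure();
        return new Login(user, domain);
    }

    // The name check runs before the credential check, so correct credentials do not change the outcome.
    static Login authenticate(String loginName, String password,
                              BiPredicate<Login, String> credentialCheck) throws AuthenticationFailure {
        Login login = parse(loginName);
        if (!credentialCheck.test(login, password)) throw new AuthenticationFailure();
        return login;
    }

    public static void main(String[] args) {
        // Constructed credential check: accepts only the super-tenant user admin/admin from the thread.
        BiPredicate<Login, String> check = (l, pw) ->
                l.tenantDomain() == null && l.user().equals("admin") && "admin".equals(pw);
        for (String name : new String[] {"admin", "admin@carbon.super", "admin@CARBON.SUPER"}) {
            try {
                System.out.println(name + " -> accepted as " + authenticate(name, "admin", check));
            } catch (AuthenticationFailure e) {
                System.out.println(name + " -> " + e.getMessage());
            }
        }
    }
}
```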