+1. Will fix this.

Thanks,
Hasini.

On Wed, Sep 5, 2012 at 12:33 PM, Prabath Siriwardena <[email protected]> wrote:

> On Wed, Sep 5, 2012 at 12:30 PM, Afkham Azeez <[email protected]> wrote:
>
>> On Wed, Sep 5, 2012 at 12:22 PM, Prabath Siriwardena <[email protected]> wrote:
>>
>>> On Wed, Sep 5, 2012 at 12:22 PM, Hasini Gunasinghe <[email protected]> wrote:
>>>
>>>> On Wed, Sep 5, 2012 at 12:04 PM, Afkham Azeez <[email protected]> wrote:
>>>>
>>>>> On Wed, Sep 5, 2012 at 2:13 AM, Senaka Fernando <[email protected]> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> Right now I can log in as admin/admin and also [email protected]/admin.
>>>>>> Is this proper behavior?
>>>>>
>>>>> :) You have discovered an easter egg in Carbon :) If a user tries to
>>>>> login as [email protected] we should throw an authentication failure.
>>>>
>>>> Even with correct admin credentials?
>>>
>>> Yes.. what is the risk here..?
>>
>> It can cause downstream logic to fail. Besides "carbon.super" & tenant ID
>> of -1234 are internal details which we don't expose. We may decide to
>> change super tenant name to "super.duper.dude" in the future because we
>> came up with that as an internal implementation detail. But if some clients
>> start relying on "carbon.super" & -1234, then external parties will get
>> affected. So, we should not allow or encourage others to use these when
>> they call into Carbon. So, we put a stop to it then and there by throwing
>> an authentication exception.
>
> +1
>
> Thanks & regards,
> -Prabath
>
>>> Thanks & regards,
>>> -Prabath
>>>
>>>> I too have tried this before and I do not see why we should throw an
>>>> authentication failure.. Maybe I have missed some aspect.. Would
>>>> appreciate more insight on what is the risk here...
>>>>
>>>> Thanks,
>>>> Hasini.
>>>>
>>>>> Can we get this fixed soon? Should be a simple fix.
>>>>>
>>>>>> If it is proper, some UIs are not rendering properly when I log in as
>>>>>> "[email protected]". For example, half of "admin/index.jsp" is gone.
>>>>>>
>>>>>> Thanks,
>>>>>> Senaka.
>>>>>>
>>>>>> --
>>>>>> Senaka Fernando
>>>>>> Member - Integration Technologies Management Committee;
>>>>>> Technical Lead; WSO2 Inc.; http://wso2.com
>>>>>> Member; Apache Software Foundation; http://apache.org
>>>>>>
>>>>>> E-mail: senaka AT wso2.com
>>>>>> P: +1 408 754 7388; ext: 51736; M: +94 77 322 1818
>>>>>> Linked-In: http://linkedin.com/in/senakafernando
>>>>>>
>>>>>> Lean . Enterprise . Middleware
>>>>>
>>>>> --
>>>>> Afkham Azeez
>>>>> Director of Architecture; WSO2, Inc.; http://wso2.com
>>>>> Member; Apache Software Foundation; http://www.apache.org/
>>>>> email: [email protected] cell: +94 77 3320919
>>>>> blog: http://blog.afkham.org
>>>>> twitter: http://twitter.com/afkham_azeez
>>>>> linked-in: http://lk.linkedin.com/in/afkhamazeez
>>>>>
>>>>> Lean . Enterprise . Middleware
>>>
>>> --
>>> Thanks & Regards,
>>> Prabath
>>>
>>> Mobile : +94 71 809 6732
>>>
>>> http://blog.facilelogin.com
>>> http://RampartFAQ.com

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
