Prabath, can you commit this patch?

On Wed, Sep 5, 2012 at 2:51 PM, Afkham Azeez <[email protected]> wrote:

> I'm getting an error while applying the patch at
> the carbon/kernel/branches/4.0.0/core/org.wso2.carbon.core/4.0.1 level
>
> On Wed, Sep 5, 2012 at 2:27 PM, Hasini Gunasinghe <[email protected]> wrote:
>
>> Please find the attached patch with the fix.
>>
>> Thanks,
>> Hasini.
>>
>> On Wed, Sep 5, 2012 at 12:43 PM, Hasini Gunasinghe <[email protected]> wrote:
>>
>>> +1. Will fix this.
>>>
>>> Thanks,
>>> Hasini.
>>>
>>> On Wed, Sep 5, 2012 at 12:33 PM, Prabath Siriwardena <[email protected]> wrote:
>>>
>>>> On Wed, Sep 5, 2012 at 12:30 PM, Afkham Azeez <[email protected]> wrote:
>>>>
>>>>> On Wed, Sep 5, 2012 at 12:22 PM, Prabath Siriwardena <[email protected]> wrote:
>>>>>
>>>>>> On Wed, Sep 5, 2012 at 12:22 PM, Hasini Gunasinghe <[email protected]> wrote:
>>>>>>
>>>>>>> On Wed, Sep 5, 2012 at 12:04 PM, Afkham Azeez <[email protected]> wrote:
>>>>>>>
>>>>>>>> On Wed, Sep 5, 2012 at 2:13 AM, Senaka Fernando <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi all,
>>>>>>>>>
>>>>>>>>> Right now I can log in as admin/admin and also
>>>>>>>>> [email protected]/admin.
>>>>>>>>> Is this proper behavior?
>>>>>>>>
>>>>>>>> :) You have discovered an easter egg in Carbon :) If a user tries
>>>>>>>> to login as [email protected] we should throw an authentication
>>>>>>>> failure.
>>>>>>>
>>>>>>> Even with correct admin credentials?
>>>>>>
>>>>>> Yes.. what is the risk here..?
>>>>>
>>>>> It can cause downstream logic to fail. Besides "carbon.super" & tenant
>>>>> ID of -1234 are internal details which we don't expose. We may decide to
>>>>> change super tenant name to "super.duper.dude" in the future because we
>>>>> came up with that as an internal implementation detail. But if some
>>>>> clients start relying on "carbon.super" & -1234, then external parties
>>>>> will get affected. So, we should not allow or encourage others to use
>>>>> these when they call into Carbon. So, we put a stop to it then and there
>>>>> by throwing an authentication exception.
>>>>
>>>> +1
>>>>
>>>> Thanks & regards,
>>>> -Prabath
>>>>
>>>>>> Thanks & regards,
>>>>>> -Prabath
>>>>>>
>>>>>>> I too have tried this before and I do not see why we should throw an
>>>>>>> authentication failure.. Maybe I have missed some aspect.. Would
>>>>>>> appreciate more insight on what is the risk here...
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Hasini.
>>>>>>>
>>>>>>>> Can we get this fixed soon? Should be a simple fix.
>>>>>>>>
>>>>>>>>> If it is proper, some UIs are not rendering properly when I log in
>>>>>>>>> as "[email protected]". For example, half of "admin/index.jsp"
>>>>>>>>> is gone.
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Senaka.
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Senaka Fernando
>>>>>>>>> Member - Integration Technologies Management Committee;
>>>>>>>>> Technical Lead; WSO2 Inc.; http://wso2.com
>>>>>>>>> Member; Apache Software Foundation; http://apache.org
>>>>>>>>>
>>>>>>>>> E-mail: senaka AT wso2.com
>>>>>>>>> P: +1 408 754 7388; ext: 51736; M: +94 77 322 1818
>>>>>>>>> Linked-In: http://linkedin.com/in/senakafernando
>>>>>>>>>
>>>>>>>>> Lean . Enterprise . Middleware
>>>>>>>>
>>>>>>>> --
>>>>>>>> Afkham Azeez
>>>>>>>> Director of Architecture; WSO2, Inc.; http://wso2.com
>>>>>>>> Member; Apache Software Foundation; http://www.apache.org/
>>>>>>>> email: [email protected] cell: +94 77 3320919
>>>>>>>> blog: http://blog.afkham.org
>>>>>>>> twitter: http://twitter.com/afkham_azeez
>>>>>>>> linked-in: http://lk.linkedin.com/in/afkhamazeez
>>>>>>>>
>>>>>>>> Lean . Enterprise . Middleware
>>>>>>
>>>>>> --
>>>>>> Thanks & Regards,
>>>>>> Prabath
>>>>>>
>>>>>> Mobile : +94 71 809 6732
>>>>>>
>>>>>> http://blog.facilelogin.com
>>>>>> http://RampartFAQ.com

--
Afkham Azeez
Director of Architecture; WSO2, Inc.; http://wso2.com
Member; Apache Software Foundation; http://www.apache.org/
email: [email protected] cell: +94 77 3320919
blog: http://blog.afkham.org
twitter: http://twitter.com/afkham_azeez
linked-in: http://lk.linkedin.com/in/afkhamazeez

Lean . Enterprise . Middleware
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
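
The check argued for in the thread, as an added example (not code from the attached patch or from WSO2 Carbon): a login name that carries the internal super-tenant domain is refused before any credential check, so correct credentials make no difference. The class, method and exception names are hypothetical, the `user@tenant-domain` login form and the sample names are assumptions, and only `carbon.super` comes from the thread. Requires Java 16 or later.

```java
import java.util.Locale;

// Added illustration; none of these names are WSO2 Carbon APIs.
public class LoginNameGate {

    // Internal super-tenant domain named in the thread; never accepted from callers.
    private static final String INTERNAL_SUPER_DOMAIN = "carbon.super";

    /** Hypothetical exception; one generic message so internal names are not echoed back. */
    static class AuthenticationFailure extends Exception {
        AuthenticationFailure() { super("Authentication failed"); }
    }

    /** Parsed login; tenantDomain is null when a bare user name (super tenant) was given. */
    record Login(String user, String tenantDomain) {}

    /** Runs before credential verification, so the outcome does not depend on the password. */
    static Login parse(String loginName) throws AuthenticationFailure {
        if (loginName == null || loginName.isBlank()) throw new AuthenticationFailure();
        String name = loginName.trim();
        int at = name.lastIndexOf('@');
        if (at < 0) return new Login(name, null);   // "admin": super tenant resolved internally
        String user = name.substring(0, at);
        // Normalise case so "CARBON.SUPER" cannot slip past the comparison.
        String domain = name.substring(at + 1).toLowerCase(Locale.ROOT);
        if (user.isEmpty() || domain.isEmpty() || domain.equals(INTERNAL_SUPER_DOMAIN)) {
            throw new AuthenticationFailure();
        }
        return new Login(user, domain);
    }

    public static void main(String[] args) {
        // Constructed sample login names, not taken from the thread.
        String[] samples = {"admin", "admin@carbon.super", "admin@CARBON.SUPER ", "alice@example.com"};
        for (String s : samples) {
            try {
                Login l = parse(s);
                String tenant = l.tenantDomain() == null ? "(super tenant)" : l.tenantDomain();
                System.out.println("'" + s + "' -> user=" + l.user() + ", tenant=" + tenant);
            } catch (AuthenticationFailure e) {
                System.out.println("'" + s + "' -> " + e.getMessage());
            }
        }
    }
}
```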
