Samuel Ottenhoff created DS-1191:
------------------------------------
Summary: resumeLogin method has comment "Possible hack attempt"
with no output to log
Key: DS-1191
URL: https://jira.duraspace.org/browse/DS-1191
Project: DSpace
Issue Type: Bug
Components: XMLUI
Reporter: Samuel Ottenhoff
Priority: Major
I discovered this code when debugging a Shibboleth login behind an Nginx +
Apache setup. The IP was not consistent. DSpace was not offering any helpful
debug errors. So I had to step through and figure out the failure. A simple
comment in the logs should be present instead of a silent else statement.
if (address != null && address.equals(request.getRemoteAddr())) {
}
else {
// Possible hack attempt.
Please print error to logs!!
}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://jira.duraspace.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
