[
https://jira.duraspace.org/browse/DS-1191?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sands Fish updated DS-1191:
---------------------------
Documentation Status: Not Required (was: Needed)
Reviewer: [email protected]
Status: Open (was: Received)
> resumeLogin method has comment "Possible hack attempt" with no output to log
> ----------------------------------------------------------------------------
>
> Key: DS-1191
> URL: https://jira.duraspace.org/browse/DS-1191
> Project: DSpace
> Issue Type: Bug
> Components: XMLUI
> Reporter: Samuel Ottenhoff
> Priority: Major
>
> I discovered this code when debugging a Shibboleth login behind an Nginx +
> Apache setup. The IP was not consistent. DSpace was not offering any helpful
> debug errors. So I had to step through and figure out the failure. A simple
> comment in the logs should be present instead of a silent else statement.
> if (address != null && address.equals(request.getRemoteAddr())) {
>
> }
> else {
> // Possible hack attempt.
> Please print error to logs!!
> }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://jira.duraspace.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
