Alexander Wels has posted comments on this change. Change subject: webadmin: Store rest api session id in http session ......................................................................
Patch Set 1: (1 comment) http://gerrit.ovirt.org/#/c/25987/1//COMMIT_MSG Commit Message: Line 8: Line 9: - Altered the location that webadmin stores the REST API Line 10: session id it needs for the UI plugins from local storage Line 11: to the HTTP session. Line 12: > It took me a few times to parse this message. Suggest change to: Yes, its a security issue. Since everything has access to read the local storage, storing an auhenticated session id there is not the best plan. Line 13: Change-Id: I6fe9af54054aefe694876b1805a4a44f9bba0482 -- To view, visit http://gerrit.ovirt.org/25987 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I6fe9af54054aefe694876b1805a4a44f9bba0482 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Alexander Wels <[email protected]> Gerrit-Reviewer: Alexander Wels <[email protected]> Gerrit-Reviewer: Einav Cohen <[email protected]> Gerrit-Reviewer: Greg Sheremeta <[email protected]> Gerrit-Reviewer: Vojtech Szocs <[email protected]> Gerrit-Reviewer: [email protected] Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
