On Mon, Apr 11, 2011 at 10:46 PM, Tim Schaub <[email protected]> wrote:
> After testing the patch, I added my comments from a client perspective
> to the ticket.
>
> http://jira.codehaus.org/browse/GEOS-4477
>
> Exec summary: only folks who were relying on the cookie from
> unauthenticated requests should be affected.

Pity. The client was certainly using some undocumented (and unintended) behavior, I'm wondering how many people noticed that loophole and are going to be affected.

As far as I understand from your comments there are workarounds that use the form-based authentication, right? That is not really a supported path either, but at least it's one that is supposed to create a session, while restful services should be stateless.

Other options?

Cheers
Andrea

--
Ing. Andrea Aime
GeoSolutions S.A.S.
Tech lead

Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy

phone: +39 0584 962313
fax: +39 0584 962313
mob: +39 333 8128928

http://www.geo-solutions.it
http://geo-solutions.blogspot.com/
http://www.youtube.com/user/GeoSolutionsIT
http://www.linkedin.com/in/andreaaime
http://twitter.com/geowolf

_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
