Hi,

I looked at your code and am a little bit concerned about the solution for
the login page itself.
Wouldn't it be easy to include "org.geoserver.web.GeoServerLoginPage" as a
part of the query string in any URL?
In that way this hack would be a fairly decent security hole.

Regards,

Roar Brænden


2013/7/23 Christian Mueller <[email protected]>

> The issue is here
>
> https://jira.codehaus.org/browse/GEOS-5921#comment-329355
>
> The patch is here
>
>
> https://github.com/mcrmcr/geoserver-1/commit/7c3e9aaf7aa4a625099fcd6bd88199b5ed1c15e7
>
> The patch contains only a few lines, but it is a hack. As a consequence, a
> review would be nice.
>
> @Justin, I think this class was invented by you.
>
> Thanks to reviewer :-)
>
>
> --
> DI Christian Mueller MSc (GIS), MSc (IT-Security)
> OSS Open Source Solutions GmbH
>
>
>
> _______________________________________________
> Geoserver-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>
>