[ http://wso2.org/jira/browse/IDENTITY-80?page=all ]
Dumindu Pallewela resolved IDENTITY-80.
---------------------------------------
Resolution: Fixed
Fixed as of r10406
> Use subprocess_env instead of the headers_in table to provide the required
> details to the relying parties
> ---------------------------------------------------------------------------------------------------------
>
> Key: IDENTITY-80
> URL: http://wso2.org/jira/browse/IDENTITY-80
> Project: WSO2 Identity Solution
> Issue Type: Improvement
> Components: mod_cspace
> Affects Versions: alpha, Current (Nightly)
> Environment: apache2
> Reporter: Dumindu Pallewela
> Assigned To: Dumindu Pallewela
> Priority: Minor
> Fix For: 1.0
>
>
> HTTPD module should add the cardspace authentication details to the
> subprocess_env table of apache request rather than to the headers_in table.
> Current way, that is using the headers_in make things complicated since we
> will have to check if the client sends the headers that only we should be
> setting. subprocess_env on the other hand is a the environment that the
> webapp is run on the server side, hence is not susceptible to such attacks.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://wso2.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
Identity-dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/identity-dev
