[ http://wso2.org/jira/browse/IDENTITY-80?page=all ]
Dumindu Pallewela closed IDENTITY-80. ------------------------------------- > Use subprocess_env instead of the headers_in table to provide the required > details to the relying parties > --------------------------------------------------------------------------------------------------------- > > Key: IDENTITY-80 > URL: http://wso2.org/jira/browse/IDENTITY-80 > Project: WSO2 Identity Solution > Issue Type: Improvement > Components: mod_cspace > Affects Versions: alpha, Current (Nightly) > Environment: apache2 > Reporter: Dumindu Pallewela > Assigned To: Dumindu Pallewela > Priority: Minor > Fix For: 1.0 > > > HTTPD module should add the cardspace authentication details to the > subprocess_env table of apache request rather than to the headers_in table. > Current way, that is using the headers_in make things complicated since we > will have to check if the client sends the headers that only we should be > setting. subprocess_env on the other hand is a the environment that the > webapp is run on the server side, hence is not susceptible to such attacks. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://wso2.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira _______________________________________________ Identity-dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/identity-dev
