[
https://issues.apache.org/jira/browse/CXF-4425?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13415137#comment-13415137
]
Evgeni Kisel commented on CXF-4425:
-----------------------------------
1. It's a service provider security violation.
2. OAuth specification (http://oauth.net/core/1.0/#nonce) : The nonce allows
the Service Provider to verify that a request has never been made before and
helps prevent replay attacks when requests are made over a non-secure channel
(such as HTTP).
But there is no such verification.
> [OAuth] enable to send multiple requests with the same header
> -------------------------------------------------------------
>
> Key: CXF-4425
> URL: https://issues.apache.org/jira/browse/CXF-4425
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS Security
> Affects Versions: 2.6.1
> Reporter: Evgeni Kisel
>
> It's possible to send multiple requests with the same header. Actually it's a
> security violation.
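
The nonce verification quoted from the OAuth specification above can be sketched as follows. This is an added example, not code from CXF or from the reporter. The class name NonceReplayGuard, its method, the 300-second window and the sample values are all hypothetical, and the check is assumed to run only after the request signature has been verified.

```java
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical stand-alone replay guard; not part of the CXF API. */
public class NonceReplayGuard {
    private final long windowSec; // accepted clock skew, also how long nonces are remembered
    private final ConcurrentHashMap<String, Long> seen = new ConcurrentHashMap<>();

    public NonceReplayGuard(long windowSec) {
        this.windowSec = windowSec;
    }

    /** Returns true only the first time a (consumer, token, timestamp, nonce) tuple is seen. */
    public boolean accept(String consumerKey, String token, long timestamp, String nonce, long now) {
        // Refuse stale or far-future timestamps, so that old nonces can be forgotten safely.
        if (Math.abs(now - timestamp) > windowSec) {
            return false;
        }
        // Forget entries whose timestamp has left the window (linear scan, fine for a sketch).
        seen.values().removeIf(ts -> now - ts > windowSec);
        // Length-prefix the variable fields so that "ab"+"c" and "a"+"bc" cannot collide.
        String key = consumerKey.length() + ":" + consumerKey
                + token.length() + ":" + token
                + timestamp + ":" + nonce;
        // putIfAbsent is atomic: of two concurrent identical requests, only one is accepted.
        return seen.putIfAbsent(key, timestamp) == null;
    }

    public static void main(String[] args) {
        NonceReplayGuard guard = new NonceReplayGuard(300);
        long now = 1342000000L; // constructed sample clock value, in seconds

        // First use of this header.
        System.out.println(guard.accept("consumer-1", "token-1", now, "n-001", now));
        // The identical header sent again five seconds later.
        System.out.println(guard.accept("consumer-1", "token-1", now, "n-001", now + 5));
        // A fresh nonce and timestamp from the same consumer.
        System.out.println(guard.accept("consumer-1", "token-1", now + 6, "n-002", now + 6));
        // A timestamp well outside the accepted window.
        System.out.println(guard.accept("consumer-1", "token-1", now - 900, "n-003", now));
    }
}
```

In a clustered service provider the map would have to live in a store shared by all nodes, otherwise the same header is accepted once per node.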