[jira] [Commented] (SCB-1263) forward request in edge should not inherit cse-context

wujimin (JIRA) Fri, 19 Apr 2019 19:11:08 -0700


    [ 
https://issues.apache.org/jira/browse/SCB-1263?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16822312#comment-16822312
 ]


wujimin commented on SCB-1263:
------------------------------

this type inject is a high risk operation

we should not inherit cse-context when forward request in edge automatically

maybe we can provide a way to allow developer inherit it manully

> forward request in edge should not inherit cse-context
> ------------------------------------------------------
>
>                 Key: SCB-1263
>                 URL: https://issues.apache.org/jira/browse/SCB-1263
>             Project: Apache ServiceComb
>          Issue Type: Task
>          Components: Java-Chassis
>            Reporter: wujimin
>            Assignee: YaoHaishi
>            Priority: Major
>             Fix For: java-chassis-1.3.0
>
>
> to avoid attacker to falsify the credentials of other users



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (SCB-1263) forward request in edge should not inherit cse-context

Reply via email to