tzssangglass commented on PR #7497: URL: https://github.com/apache/apisix/pull/7497#issuecomment-1190980140
> The place to change is when accessing resources, which should have nothing to do with authentication. So there will be no account password operation. If it returns 403, then the reverse proves that the account password is correct, just without permissions. This is to prevent password blasting. Previously, APISIX had a focused change to the auth class plugin to reduce the amount of internal information exposed to the client. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
