mysticaltech opened a new issue #10632: URL: https://github.com/apache/incubator-superset/issues/10632
I would have expected that upon the submission of wrong credentials, a 401 Unauthorized HTTP error code would be emitted, but that is not the case; the login fails with an HTTP 200 OK. This makes it hard to mitigate brute-force attacks with a tool like fail2ban, as there are no differentiators in the logs.

### Expected results

Return an HTTP 401 Unauthorized error code when wrong credentials are submitted

### Actual results

what actually happens.

#### Screenshots

If applicable, add screenshots to help explain your problem.

#### How to reproduce the bug

1. Tail your web-server log with a tool like `less +F access.log`
2. Enter wrong credentials and observe the 200 OK response

### Environment

- superset version: `superset 0.36.0`
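The logging gap described in this issue, as an added example that is not part of the original report or of Superset's code: a filter keyed on a 401 status finds nothing when failed logins are logged as 200, while counting login POSTs per client in a time window still separates a guessing client from a single login. The combined log format, the `/login/` path, the thresholds and the sample lines are all assumptions constructed for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions (not from the issue): combined log format, login form posted to /login/.
LOGIN_PATH = "/login/"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def login_posts(lines):
    """Yield the regex match for every POST to the login path."""
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["method"] == "POST" and m["path"] == LOGIN_PATH:
            yield m

def status_filter(lines, status="401"):
    """Client IPs a status-keyed filter would catch: login POSTs answered with `status`."""
    return [m["ip"] for m in login_posts(lines) if m["status"] == status]

def rate_filter(lines, max_posts=3, window=timedelta(seconds=60)):
    """Client IPs with more than `max_posts` login POSTs inside `window`, ignoring status."""
    recent = defaultdict(deque)
    flagged = set()
    for m in login_posts(lines):
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop attempts that fell out of the window
            q.popleft()
        if len(q) > max_posts:
            flagged.add(m["ip"])
    return flagged

# Constructed sample log: 203.0.113.7 posts five times in 8 seconds,
# 198.51.100.2 posts once; every login POST is logged as 200.
SAMPLE = [
    f'203.0.113.7 - - [01/Jan/2024:10:00:{s:02d} +0000] "POST /login/ HTTP/1.1" 200 5120 "-" "curl/7.68.0"'
    for s in (1, 3, 5, 7, 9)
] + [
    '198.51.100.2 - - [01/Jan/2024:10:00:04 +0000] "POST /login/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [01/Jan/2024:10:00:05 +0000] "GET /static/app.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print("status == 401:", status_filter(SAMPLE))
    print("rate-based   :", sorted(rate_filter(SAMPLE)))
```

A rate-based rule also counts legitimate logins, so the threshold has to leave room for users who mistype a password.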
