> On Dec. 7, 2015, 2:22 p.m., Alexander Rukletsov wrote: > > 3rdparty/libprocess/src/authenticator.cpp, lines 39-40 > > <https://reviews.apache.org/r/38094/diff/15/?file=1128375#file1128375line39> > > > > I see you use the same error message in case something is wrong. Is it > > done on purpose for security reasons? Or do you think it makes sense to > > extend the message with specific note in each case? > > Alexander Rojas wrote: > It is actually not an error message but the challenge(-s) to be emited to > the client in authentication fails (See the constructor of > [Unauthorized](https://github.com/apache/mesos/blob/49296b9a80ec26bf77bc9191fff7b2f5e143b1d2/3rdparty/libprocess/include/process/http.hpp#L521) > which takes a vector). > > Still, the reason why you don't give detailed error messages is because > with authentication you want to be quite vague. When you failed to > authenticate to a site, it tells you that either your username doesn't exist > or your password was wrong, since you rather don't tell which one of the two > failed.
Got it, mind adding a comment about this for the next reader? - Alexander ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/38094/#review109145 ----------------------------------------------------------- On Dec. 7, 2015, 3:11 p.m., Alexander Rojas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/38094/ > ----------------------------------------------------------- > > (Updated Dec. 7, 2015, 3:11 p.m.) > > > Review request for mesos, Adam B, Benjamin Hindman, Bernd Mathiske, and Till > Toenshoff. > > > Bugs: MESOS-3232 > https://issues.apache.org/jira/browse/MESOS-3232 > > > Repository: mesos > > > Description > ------- > > See summary. > > > Diffs > ----- > > 3rdparty/libprocess/Makefile.am 6ec6d7989df647f466ac6079738835ffcb2ea8ee > 3rdparty/libprocess/include/process/authenticator.hpp > 5a32e9a38a0bec7aa3faef23b792f3bf3d659d4f > 3rdparty/libprocess/src/CMakeLists.txt > 681f0cfec57e152568da41698c8bdd52c05f65a6 > 3rdparty/libprocess/src/authenticator.cpp PRE-CREATION > 3rdparty/libprocess/src/tests/http_tests.cpp > 2de75ca1c7e224c36b534c368e7379dc158aa5bb > > Diff: https://reviews.apache.org/r/38094/diff/ > > > Testing > ------- > > make check > > > Thanks, > > Alexander Rojas > >