I think I have touched upon everything in the code base that seems to be a
LoginModule implementation. The only thing that remains w.r.t. LoginModules is
the moving of NamedUPCredentialLoginModule to o.a.g.s.realm.providers. (I
have not bothered about changing UPCredentialLoginModule as I have marked
On Nov 1, 2007, at 9:59 AM, Jarek Gawor wrote:
Yes, that's a good idea. Also, excellent work with reviewing the
LoginModules and adding tests!!!
I just added two new LoginModules to look at. I'm particularly
concerned about CertificateChainLoginModule since it always returns
true in its login(
Folks,
We added a bunch of tests in the last few days but we still need some
help identifying and reviewing the components. Please see the wiki
page (http://cwiki.apache.org/confluence/display/GMOxDEV/Security+Review)
for the latest updates.
Thanks,
Jarek
On 10/29/07, Jarek Gawor <[EMAIL PROTECTED]
Yes, that's a good idea. Also, excellent work with reviewing the
LoginModules and adding tests!!!
I just added two new LoginModules to look at. I'm particularly
concerned about CertificateChainLoginModule since it always returns
true in its login() function. But I'm not exactly sure how this is
be
I think we should create JIRAs for each review activity that results in code
changes and update the wiki with the JIRA number. This way we will be able
to track the progress on each activity in one central place. Also, add
important points from this discussion thread to the wiki too.
++Vamsi
On
Thanks Jarek and Prasad for getting the ball rolling.
++Vamsi
On 10/30/07, Prasad Kashyap <[EMAIL PROTECTED]> wrote:
>
> I agree. Our strategy to make Geronimo secure should include an
> elaborate set of unit testcases, a rich set of tests in the
> security-testsuite in our testsuite framework,
I agree. Our strategy to make Geronimo secure should include an
elaborate set of unit testcases, a rich set of tests in the
security-testsuite in our testsuite framework, along with peer
review of code in components that are potential security risks.
We should aim to have imbricate or maybe even
A few security problems were discovered in Geronimo in the last few
months and weeks. Most of them were Geronimo-specific except one.
Therefore, I think we should spend a little bit of our time to review
our code and check for potential security problems.
As the first step, I think we should identi