and the worst cases, namely inter-webapp credential sharing.
Keith
| -Original Message-
| From: Bill Barker [mailto:[EMAIL PROTECTED]
| Sent: Wednesday, March 12, 2003 1:28 AM
| To: Tomcat Developers List
| Subject: Re: 4.1 authentication bug / bug 14616
|
|
|
| - Original Message
Keith Wannamaker wrote:
Hey Bill, thanks for the input. I am all ears if you can think of
a better way to fix this in 4.1. Rather than forward-porting this
fix to 5.0, I will look at better ways of doing it there since you
indicate they exist.
I think this is the way to go for 4.1 since it will
, and it would bother anyone else who
set up multiple webapps with authentication.
Keith
| -Original Message-
| From: Remy Maucherat [mailto:[EMAIL PROTECTED]
| Sent: Wednesday, March 12, 2003 10:24 AM
| To: Tomcat Developers List
| Subject: Re: 4.1 authentication bug / bug 14616
I think it is reasonable to fix it.
This can be serious - if someone relies on application isolation ( like
a hosting environment ), the consequences can be really bad, with
one webapp guessing the credentials of another one.
The fix seems reasonably simple and clean.
Costin
Keith Wannamaker
- Original Message -
From: Costin Manolache [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 11, 2003 8:52 PM
Subject: Re: 4.1 authentication bug / bug 14616
I think it is reasonable to fix it.
This can be serious - if someone relies on application isolation ( like
Bill Barker wrote:
I think it is reasonable to fix it.
This can be serious - if someone relies on application isolation ( like
a hosting environment ), the consequences can be really bad, with
one webapp guessing the credentials of another one.
The fix seems reasonably simple and clean.
