[jira] Commented: (SHINDIG-498) Invalid security token accepted by REST Endpoint

Cassie Doll (JIRA) Thu, 07 Aug 2008 13:31:08 -0700

    [ 
https://issues.apache.org/jira/browse/SHINDIG-498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12620737#action_12620737
 ]


Cassie Doll commented on SHINDIG-498:
-------------------------------------

With the default security token decoder this token is perfectly valid. Real 
social networks should implement their own decoder which can be a little more 
sophisticated by validating userIds appIds and what not. 

> Invalid security token accepted by REST Endpoint
> ------------------------------------------------
>
>                 Key: SHINDIG-498
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-498
>             Project: Shindig
>          Issue Type: Bug
>          Components: RESTful API (Java)
>         Environment: All
>            Reporter: Rajdeep Dua
>
> st=a:a:a:a:a:a 
> is accepted as a valid security token
> Complete URL : 
> http://localhost:8080/social/rest/people/john.doe/@self?format=atom&st=a:a:a:a:a:a

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (SHINDIG-498) Invalid security token accepted by REST Endpoint

Reply via email to