[ https://issues.apache.org/jira/browse/SHINDIG-498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12620741#action_12620741 ]

Rajdeep Dua commented on SHINDIG-498:
-------------------------------------

This can be pretty dangerous unless it is explicitly stated that social 
networks need to change this.
Suggestion: Issue a WARNING while starting Shindig that the security token 
decoder needs to be modified.

> Invalid security token accepted by REST Endpoint
> ------------------------------------------------
>
>                 Key: SHINDIG-498
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-498
>             Project: Shindig
>          Issue Type: Bug
>          Components: RESTful API (Java)
>         Environment: All
>            Reporter: Rajdeep Dua
>
> st=a:a:a:a:a:a 
> is accepted as a valid security token
> Complete URL : 
> http://localhost:8080/social/rest/people/john.doe/@self?format=atom&st=a:a:a:a:a:a

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
