In PHP we have a setting in the config that enables/disables plain text sec Tokens
ropu On Thu, Aug 7, 2008 at 9:40 PM, Rajdeep Dua (JIRA) <[EMAIL PROTECTED]> wrote: > > [ > https://issues.apache.org/jira/browse/SHINDIG-498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12620741#action_12620741] > > Rajdeep Dua commented on SHINDIG-498: > ------------------------------------- > > This can be pretty dangerous unless it is explicitly stated that social > networks need to change this. > Suggestion : Issue a WARNING while starting shindig that the security > token decoder needs to be modified. > > > Invalid security token accepted by REST Endpoint > > ------------------------------------------------ > > > > Key: SHINDIG-498 > > URL: https://issues.apache.org/jira/browse/SHINDIG-498 > > Project: Shindig > > Issue Type: Bug > > Components: RESTful API (Java) > > Environment: All > > Reporter: Rajdeep Dua > > > > st=a:a:a:a:a:a > > is accepted as a valid security token > > Complete URL : > > > http://localhost:8080/social/rest/people/john.doe/@self?format=atom&st=a:a:a:a:a:a > > -- > This message is automatically generated by JIRA. > - > You can reply to this email to add a comment to the issue online. > > -- .-. --- .--. ..- R o p u
