[
https://issues.apache.org/jira/browse/WOOKIE-384?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Scott Wilson updated WOOKIE-384:
--------------------------------
Affects Version/s: (was: 0.14.0)
Fix Version/s: 0.13.0
Marking as fixed in 0.13.0 release
> persist parameter of oAuth feature not user-isolated
> ----------------------------------------------------
>
> Key: WOOKIE-384
> URL: https://issues.apache.org/jira/browse/WOOKIE-384
> Project: Wookie
> Issue Type: Bug
> Components: Feature Management
> Environment: Windows 7, Chrome
> Reporter: Matthias Niederhausen
> Fix For: 0.13.0
>
> Original Estimate: 3h
> Remaining Estimate: 3h
>
> When I use the "persist" parameter of the oAuth feature (which is the
> default), every other user will automatically use my token after I have
> approved access.
> This results in a severe security issue, e.g., my google contact list being
> shown to someone else.
> Using "false" for the parameter value, I have to re-authenticate every try
> (which is okay).
> The behaviour for "true" should instead be to cache the token for every
> individual user (i.e., widget instance).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
