Uploaded image for project: 'PicketBox '
  1. PicketBox
  2. SECURITY-370

validateError flag in UsernamePasswordLoginModule

    XMLWordPrintable

Details

    • Medium

    Description

      JBAS-2588 added this property to UsernamePasswordLoginModule. But it is not a configurable property. Any exception that is propagated all the way across to the client may not be fully vetted.

      The validateError property should be off by default and enabled by users.

      Attachments

        Issue Links

          is related to

          Bug - A problem that impairs or prevents the functions of the product. JBAS-2588 LdapExtLoginModule 'hides' causal login exceptions which are then incorrectly reported as invalid Password/User

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Closed

          Task - Represents a small unit of work that is not end-user facing. JBAS-6486 Upport JBPAPP986: Ejb3AuthenticationInterceptor should propagate the GeneralSecurityException

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          relates to

          Task - Represents a small unit of work that is not end-user facing. JBAS-6486 Upport JBPAPP986: Ejb3AuthenticationInterceptor should propagate the GeneralSecurityException

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              sguilhen Stefan Guilhen
              anil.saldhana Anil Saldanha (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: