Task #2212 (closed)
Does HasPassword work when just password is session id?
Reported by: | jamoore | Owned by: | jamoore |
---|---|---|---|
Priority: | critical | Milestone: | OMERO-Beta4.2 |
Component: | Security | Version: | n.a. |
Keywords: | n.a. | Cc: | |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | 0.0d |
Sprint: | 2010-04-16 (7) |
Description
The HasPassword annotation should also fail when a user passes a session id password. #911 currently checks the case when both username and password are session id.
Options:
- detect the two cases
- only allow joinSession usage (username == password)
- ...
Change History (3)
comment:1 Changed 14 years ago by jmoore
- Sprint set to 2010-04-16 (7)
- Status changed from new to assigned
comment:2 Changed 14 years ago by jmoore
- Remaining Time changed from 0.25 to 0
- Resolution set to fixed
- Status changed from assigned to closed
comment:3 Changed 13 years ago by jmoore <josh@…>
(In [4ea06983d312c06a5e1c61175afac01884a31b0c/ome.git] on branch develop) Improving HasPassword logic of PermissionsVerifierI (See #2212, Fix #3652)
Note: See
TracTickets for help on using
tickets.
You may also have a look at Agilo extensions to the ticket.
(In [6734]) fix #2212 - Requiring joinSession convention of username==password