Medici / MMDB-693

all MMDB deploys use the same basic auth realm


    • Type: Bug
    • Resolution: Fixed
    • Priority: Major
    • 1.0
    • None
    • Web application
    • None

      (Rob pointed this out so I'm making him the reporter - JF)

      REST servlets use "mmdb" as the realm. So if you have two mmdb webapps deployed in the same container, REST authentication state spans both apps, which is a potential attack vector.

              futrelle Joe Futrelle (Inactive)
              kooper Rob Kooper

                Created:
                Updated:
                Resolved:
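
An added example, not part of the original issue or the Medici code base: HTTP clients reuse Basic credentials per origin and realm, so an audit can flag any realm that more than one webapp in the same container presents in its 401 challenges. The host names, context paths and endpoint paths below are constructed, and the code assumes each webapp is deployed under its own first path segment.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# One auth-param in quoted-string form, e.g. realm="mmdb" (RFC 7235 syntax).
_PARAM = r'\w+\s*=\s*"(?:[^"\\]|\\.)*"'
_BASIC = re.compile(rf'\bBasic\s+({_PARAM}(?:\s*,\s*{_PARAM})*)', re.I)
_REALM = re.compile(r'\brealm\s*=\s*"((?:[^"\\]|\\.)*)"', re.I)

def basic_realm(header):
    """Realm of the Basic challenge in a WWW-Authenticate value, or None."""
    challenge = _BASIC.search(header)
    realm = _REALM.search(challenge.group(1)) if challenge else None
    return re.sub(r'\\(.)', r'\1', realm.group(1)) if realm else None

def context_of(url):
    """(origin, context path); assumes one webapp per first path segment."""
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    origin = f"{parts.scheme}://{parts.netloc}".lower()
    return origin, "/" + (segments[0] if segments else "")

def shared_realms(observations):
    """Map (origin, realm) -> context paths, for realms used by 2+ webapps."""
    seen = defaultdict(set)
    for url, header in observations:
        realm = basic_realm(header)
        if realm is not None:
            origin, context = context_of(url)
            seen[(origin, realm)].add(context)
    return {key: sorted(ctxs) for key, ctxs in seen.items() if len(ctxs) > 1}

# Constructed sample: 401 challenges collected from two containers.
SAMPLE = [
    ("http://host.example:8080/mmdb-a/api/datasets", 'Basic realm="mmdb"'),
    ("http://host.example:8080/mmdb-b/api/datasets",
     'Basic realm="mmdb", charset="UTF-8"'),
    ("http://host.example:8080/other/api", 'Basic realm="other"'),
    ("http://second.example:8080/mmdb/api", 'Basic realm="mmdb"'),
]
# Constructed sample: the same container with one realm per deployment.
SEPARATED = [
    ("http://host.example:8080/mmdb-a/api/datasets", 'Basic realm="mmdb-a"'),
    ("http://host.example:8080/mmdb-b/api/datasets", 'Basic realm="mmdb-b"'),
]

if __name__ == "__main__":
    for (origin, realm), contexts in shared_realms(SAMPLE).items():
        print(f'{origin}: realm "{realm}" shared by {", ".join(contexts)}')
```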