Go ahead.

On Wed, Mar 30, 2011 at 7:50 PM, Nuwan Bandara <nu...@wso2.com> wrote:

> Hi Guys,
>
> Any concerns regarding this implementation? If not, we would like to
> proceed with completing this for the coming release.
>
> The respective Jira is at [1]
>
> Regards,
> /Nuwan
>
> [1] https://wso2.org/jira/browse/CARBON-8759
>
>
>
> On Mon, Mar 28, 2011 at 10:10 AM, Nuwan Bandara <nu...@wso2.com> wrote:
>
>> Hi Guys,
>>
>> In the GS TODO list of improvements, we have the task of integrating
>> Remember-me functionality for the Gadget Server login page. Lalji had
>> investigated integrating this feature, but has hit a few blocking
>> points.
>>
>> The main reason why integrating it is not as straightforward as for other
>> products is that GS is running on HTTP. In the carbon-core UI the remember-me
>> cookie is set in a secure context and GS cannot use this cookie directly. If
>> we are going to use it as it is now, we will have to save the cookie in a
>> non-secure context. I had a chat with DimuthuL regarding this, since it
>> introduces a security hole, where an intruder can do replay attacks from
>> this cookie, and get into the HTTPS running mgt console.
>>
>> The only solution is to implement the same functionality for HTTP with a
>> different cookie (UUID) and use it only for the HTTP session. If we are to
>> implement this feature, there are some changes to be done in Carbon-core
>> (need to duplicate the same code which is done for HTTPS-based remember-me).
>>
>> We would like to know if we can do these changes and replicate this
>> feature for the HTTP context? Or, since we are closing the release dates, should
>> we postpone this for the next release?
>>
>> --
>> Thanks & Regards,
>>
>> Nuwan Bandara
>> Software Engineer
>> WSO2 Inc. | http://wso2.com
>> lean . enterprise . middleware
>>
>> http://www.nuwanbando.com
>>
>
>
>
> --
> Thanks & Regards,
>
> Nuwan Bandara
> Software Engineer
> WSO2 Inc. | http://wso2.com
> lean . enterprise . middleware
>
> http://www.nuwanbando.com
>
> _______________________________________________
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>


-- 
Afkham Azeez
Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com
Member; Apache Software Foundation; http://www.apache.org/
email: az...@wso2.com cell: +94 77 3320919
blog: http://blog.afkham.org
twitter: http://twitter.com/afkham_azeez
linked-in: http://lk.linkedin.com/in/afkhamazeez

Lean . Enterprise . Middleware
_______________________________________________
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
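
The design discussed in this thread, a separate UUID remember-me cookie that is honoured only in the HTTP context, as an added sketch that is not code from the thread or from Carbon. The class, the cookie names `rm-console` and `rm-portal`, the in-memory store and the `Path=/` attribute are assumptions made for illustration.

```java
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

/** Added sketch: one remember-me token per transport scope; all names are hypothetical. */
public class RememberMeScopes {
    enum Scope { HTTPS_CONSOLE, HTTP_PORTAL }

    record Entry(String user, Scope scope, long expiresAtMillis) {}

    // Server-side record of which scope each token was issued for.
    private final Map<String, Entry> store = new ConcurrentHashMap<>();

    /** Issues a random UUID token bound to one scope and returns the Set-Cookie value. */
    String issue(String user, Scope scope, long ttlMillis) {
        String token = UUID.randomUUID().toString();
        store.put(token, new Entry(user, scope, System.currentTimeMillis() + ttlMillis));
        boolean secure = scope == Scope.HTTPS_CONSOLE;
        // The HTTP cookie cannot carry Secure, so it must be a different value
        // from the one that opens the HTTPS management console.
        String name = secure ? "rm-console" : "rm-portal";
        return name + "=" + token + "; Path=/; HttpOnly; Max-Age=" + (ttlMillis / 1000)
                + (secure ? "; Secure" : "");
    }

    /** Returns the user only if the token is presented in the scope it was issued for. */
    String validate(String token, Scope presentedIn) {
        Entry e = store.get(token);
        if (e == null || e.scope() != presentedIn
                || e.expiresAtMillis() < System.currentTimeMillis()) {
            return null; // a token captured over HTTP is rejected by the HTTPS console
        }
        return e.user();
    }

    public static void main(String[] args) {
        RememberMeScopes rm = new RememberMeScopes();
        // Constructed sample: user "alice" ticks remember-me on the HTTP login page.
        String header = rm.issue("alice", Scope.HTTP_PORTAL, 7L * 24 * 3600 * 1000);
        String token = header.substring(header.indexOf('=') + 1, header.indexOf(';'));
        System.out.println("Set-Cookie: " + header);
        System.out.println("HTTP portal   -> " + rm.validate(token, Scope.HTTP_PORTAL));
        System.out.println("HTTPS console -> " + rm.validate(token, Scope.HTTPS_CONSOLE));
    }
}
```

The HTTP-scoped token can still be replayed against the HTTP portal by anyone who captures it; the scope check only keeps that exposure from reaching the HTTPS console.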
