[JBoss-user] Re: [jetty-discuss] Re: Security and Jetty

Mon, 17 Sep 2001 14:59:46 -0700 


Nicalai,

RC9 contains a bug with FORM authentication.  If the
URL j_security_check is not covered by the security contraint
then it is not handled correctly.    I know this is counter
intuitive and it has already beed fixed for the next release.

regards


Julian Gosnell wrote:

> Nicolai,
> 
> I'm afraid that I'm not the security expert.
> 
> Put a little more about exactly what the problem is,
> and how to reproduce it, and cross-post this to
> [EMAIL PROTECTED] and
> [EMAIL PROTECTED]
> 
> I will do everything I can to ensure the problem is
> sorted out quickly.
> 
> Thanks for letting me know about this,
> 
> 
> Jules
> 
> P.S.
> 
> Any other comments, aside from the security issue.
> Does other stuff work, fast or slow, etc...
> 
>  --- Nicolai P Guba <[EMAIL PROTECTED]> wrote: >
> Hello.  Was nice meeting you in London last week. 
> 
>>I've tried the
>>jetty that comes with JBoss 2.4.1 and the security
>>seems broken.
>>
>>HTTP ERROR: 404 Not Found
>>Could not find resource for /j_security_check
>>
>>RequestURI=/j_security_check
>>
>>Bug or Feature?
>>
>>-- 
>>  Nicolai P Guba    http://www.gnu.org        
>>http://www.frontwire.com
>>                    mailto:[EMAIL PROTECTED]    
>>mailto:[EMAIL PROTECTED]
>>                    GSM: +44 (0)7909 960 751   DDI:
>>+44 (0)20 7368 9708 
>>
> 
> ____________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
> or your free @yahoo.ie address at http://mail.yahoo.ie
> 
> ------------------------ Yahoo! Groups Sponsor ---------------------~-->
> Do you need to encrypt all your online transactions? Secure corporate intranets? 
>Authenticate your Web sites? Whatever
> security your site needs, you'll find the perfect solution here!
> http://us.click.yahoo.com/wOMkGD/Q56CAA/yigFAA/CefplB/TM
> ---------------------------------------------------------------------~->
> 
> For the latest information about Jetty, please see http://jetty.mortbay. 
> 
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 
> 
> 



-- 
Greg Wilkins<[EMAIL PROTECTED]>          GB  Phone: +44-(0)7092063462
Mort Bay Consulting Australia and UK.    Mbl Phone: +61-(0)4 17786631
http://www.mortbay.com                   AU  Phone: +61-(0)2 98107029


_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to