[
https://issues.apache.org/jira/browse/OFBIZ-10047?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16295045#comment-16295045
]
Jacques Le Roux commented on OFBIZ-10047:
-----------------------------------------
Thanks James,
bq. I have revised the original comments for "password is stored in clear.".
Hope it is clearer.
Thanks, actually I did not pay attention enough, it may totally sense now
within SimpleCredentialHandler, but I must say your comment helped ;)
BTW I wonder if anybody is really using this feature. Maybe in developement?
Else we could remove it, it would be criminal in production!
bq. OFBiz doesn't hide the fact that the username doesn't exist during the
login process. Maybe for business reasons?
I'm not sure about that one, I'd rather say for security reason. I did not work
on this one, but I hidden things as much as possible in log for this reason
I'll review the Tomcat links I have posted above, then because of Michael's
reluctance I'll ask for a consensus to commit before R17 creation.
> Tomcat SSO
> ----------
>
> Key: OFBIZ-10047
> URL: https://issues.apache.org/jira/browse/OFBIZ-10047
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: Trunk
> Reporter: James Yong
> Assignee: James Yong
> Priority: Minor
> Attachments: OFBIZ-10047.patch, OFBIZ-10047.patch, OFBIZ-10047.patch,
> OFBIZ-10047.patch, OFBIZ-10047.patch
>
>
> Proposing Tomcat SSO to be used in OFBiz to improve on Single-Sign-On.
> This aim to fix the issues mentioned in OFBIZ-6963, OFBIZ-6994.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
