Hi,
On Tue, Mar 22, 2011 at 10:34 AM, Afkham Azeez az...@wso2.com wrote:
Hmm no answer!!!
DimuthuL, you have added LoginStatisticsAdmin on 6/2/2009 928AM with this
log:
Exposing a login stat service. This is a hack, as discussed by the team.
I tried my best to limit the adverse effects
Now I have added a security test that will fail if any admin service has
been exposed via non-HTTPS transports.
On Tue, Mar 22, 2011 at 11:49 AM, Dimuthu Leelarathne dimut...@wso2.comwrote:
Hi,
On Tue, Mar 22, 2011 at 10:34 AM, Afkham Azeez az...@wso2.com wrote:
Hmm no answer!!!
Azeez lets take both of these services off. Looks like neither is being
used??
+1 for the new test!
Sanjiva.
On Tue, Mar 22, 2011 at 11:55 AM, Afkham Azeez az...@wso2.com wrote:
Now I have added a security test that will fail if any admin service has
been exposed via non-HTTPS transports.
Is there a particular reason why these services are exposed via HTTP
HTTPS? All other admin services are exposed only via HTTPS.
--
*Afkham Azeez*
Senior Software Architect Senior Manager; WSO2, Inc.; http://wso2.com,
*
*
*Member; Apache Software Foundation;
Hmm no answer!!!
DimuthuL, you have added LoginStatisticsAdmin on 6/2/2009 928AM with this
log:
Exposing a login stat service. This is a hack, as discussed by the team.
I tried my best to limit the adverse effects done by this bad hack.
HTTP has been explicitly enabled for this service. What