- Timestamp: 05/02/11 16:26:19 (13 years ago)
- Author: saloynton
- Comment:
- Property Cc bwzloranger saloynton added
- Property Component changed from General to Documentation
- Property Remaining Time changed from (empty) to 0.2
- Property Milestone changed from Unscheduled to OMERO-Beta4.3
- Property Owner set to saloynton
- Property Sprint changed from (empty) to 2011-05-05 (11)
- Property Type changed from story to task
| initial | v5 | |
1 | 1 | See #3201 |
| 2 | |
| 3 | Confirm the valid scenario: |
| 4 | |
| 5 | Otherwise an attacker could: |
| 6 | |
| 7 | sniff a session uuid from the wire (which will eventually timeout) |
| 8 | login with the session uuid |
| 9 | call changePassword |
| 10 | start creating new sessions with the new password |
| 11 | I realize that in the web scenario N-1 of the workers will have been authenticated with a session uuid, so if you receive a SecurityViolation you will need to re-authenticate, or create a temporary SSL-based omero.client with the real password. |
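The rule the description relies on (changePassword answered with SecurityViolation when the caller's session was joined with a session uuid rather than the real password), as an added Python model that is not OMERO code and not part of the ticket. `SessionManager`, `add_user`, `login` and `change_password` are hypothetical names, and the user and passwords are constructed.

```python
import hashlib
import hmac
import secrets
import uuid

class SecurityViolation(Exception):
    """Raised for bad credentials or a sensitive call on a uuid-joined session."""

class SessionManager:
    """Toy model (assumption): records HOW each session was authenticated."""

    def __init__(self):
        self._users = {}     # user -> (salt, password hash)
        self._sessions = {}  # session uuid -> (user, via_password)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, self._hash(password, salt))

    def _password_ok(self, user, candidate):
        salt, stored = self._users[user]
        return hmac.compare_digest(stored, self._hash(candidate, salt))

    def login(self, user, credential):
        """Accept the real password or the uuid of a live session of `user`."""
        joined = self._sessions.get(credential)
        if joined is not None and joined[0] == user:
            via_password = False   # caller only proved knowledge of a uuid
        elif user in self._users and self._password_ok(user, credential):
            via_password = True    # caller proved knowledge of the password
        else:
            raise SecurityViolation("bad credentials")
        sid = str(uuid.uuid4())
        self._sessions[sid] = (user, via_password)
        return sid

    def change_password(self, sid, new_password):
        user, via_password = self._sessions[sid]
        if not via_password:
            # A sniffed uuid expires; it must not become a permanent password.
            raise SecurityViolation("re-authenticate with the real password")
        self.add_user(user, new_password)
```

A worker that joined by uuid gets `SecurityViolation` from `change_password` and has to log in again with the real password before retrying.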