mesos-reviews mailing list archives

From "Alexander Rukletsov" <ruklet...@gmail.com>
Subject Re: Review Request 38094: Added implementation of Http Basic authentication scheme.
Date Mon, 07 Dec 2015 16:16:23 GMT


> On Dec. 7, 2015, 2:22 p.m., Alexander Rukletsov wrote:
> > 3rdparty/libprocess/src/authenticator.cpp, lines 39-40
> > <https://reviews.apache.org/r/38094/diff/15/?file=1128375#file1128375line39>
> >
> >     I see you use the same error message in case something is wrong. Is it done on purpose for security reasons? Or do you think it makes sense to extend the message with a specific note in each case?
> 
> Alexander Rojas wrote:
>     It is actually not an error message but the challenge(-s) to be emitted to the client if authentication fails (see the constructor of [Unauthorized](https://github.com/apache/mesos/blob/49296b9a80ec26bf77bc9191fff7b2f5e143b1d2/3rdparty/libprocess/include/process/http.hpp#L521) which takes a vector).
>     
>     Still, the reason why you don't give detailed error messages is because with authentication you want to be quite vague. When you fail to authenticate to a site, it tells you that either your username doesn't exist or your password was wrong, since you would rather not tell which one of the two failed.

Got it, mind adding a comment about this for the next reader?


- Alexander


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38094/#review109145
-----------------------------------------------------------


On Dec. 7, 2015, 3:11 p.m., Alexander Rojas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38094/
> -----------------------------------------------------------
> 
> (Updated Dec. 7, 2015, 3:11 p.m.)
> 
> 
> Review request for mesos, Adam B, Benjamin Hindman, Bernd Mathiske, and Till Toenshoff.
> 
> 
> Bugs: MESOS-3232
>     https://issues.apache.org/jira/browse/MESOS-3232
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> See summary.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/Makefile.am 6ec6d7989df647f466ac6079738835ffcb2ea8ee 
>   3rdparty/libprocess/include/process/authenticator.hpp 5a32e9a38a0bec7aa3faef23b792f3bf3d659d4f
>   3rdparty/libprocess/src/CMakeLists.txt 681f0cfec57e152568da41698c8bdd52c05f65a6 
>   3rdparty/libprocess/src/authenticator.cpp PRE-CREATION 
>   3rdparty/libprocess/src/tests/http_tests.cpp 2de75ca1c7e224c36b534c368e7379dc158aa5bb
> 
> Diff: https://reviews.apache.org/r/38094/diff/
> 
> 
> Testing
> -------
> 
> make check
> 
> 
> Thanks,
> 
> Alexander Rojas
> 
>
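
Added example (not part of the original message, and not the code under review in r/38094): a self-contained C++ sketch of the point discussed in the thread, where every Basic authentication failure yields the same challenge regardless of which check failed. The `AuthResult` type, the `authenticate` and `decode64` functions, the realm string and the plaintext credential map are all assumptions made for illustration.

```cpp
#include <map>
#include <string>

// Outcome of one authentication attempt (hypothetical type for this example).
struct AuthResult {
  bool authenticated;
  std::string principal;  // set on success
  std::string challenge;  // WWW-Authenticate value to send with a 401
};

// Decodes standard-alphabet base64 into `out`; returns false on bad input.
static bool decode64(const std::string& in, std::string* out) {
  static const std::string alphabet =
      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  unsigned buffer = 0;
  int bits = 0;
  for (char c : in) {
    if (c == '=') break;  // padding marks the end of the data
    std::string::size_type v = alphabet.find(c);
    if (v == std::string::npos) return false;
    buffer = (buffer << 6) | static_cast<unsigned>(v);
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      out->push_back(static_cast<char>((buffer >> bits) & 0xFF));
    }
  }
  return true;
}

// Checks an "Authorization: Basic ..." header value against a credential map.
AuthResult authenticate(const std::string& header,
                        const std::map<std::string, std::string>& credentials,
                        const std::string& realm) {
  // One challenge for every failure, so the response never reveals whether
  // the header format, the username or the password was at fault.
  const AuthResult denied{false, "", "Basic realm=\"" + realm + "\""};
  const std::string scheme = "Basic ";
  if (header.compare(0, scheme.size(), scheme) != 0) return denied;
  std::string decoded;
  if (!decode64(header.substr(scheme.size()), &decoded)) return denied;
  std::string::size_type colon = decoded.find(':');
  if (colon == std::string::npos) return denied;
  auto user = credentials.find(decoded.substr(0, colon));
  if (user == credentials.end()) return denied;                  // unknown user
  if (user->second != decoded.substr(colon + 1)) return denied;  // bad password
  return AuthResult{true, user->first, ""};
}
```

The specific failure reason can still be recorded in a server-side log; only the response to the client stays uniform.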

