portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 18632] - [ENH] BASICAuthIFramePortlet contribution
Date Sat, 24 May 2003 13:09:22 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18632>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18632

[ENH] BASICAuthIFramePortlet contribution





------- Additional Comments From hoju@visi.com  2003-05-24 13:09 -------
If that were to happen, we would probably want to add another config parameter
stating whether to even rewrite the BASIC Auth information to the URL.  This
shouldn't be done unless explicitly told to do so by the developer because it is
a security issue.  Yes, it provides some important functionality but,
nevertheless, it is a security issue where one has to make the decision that
they can live with the risks and take precautions such only using SSL when doing
this.

If you would like to integrate it and provide an extra config parameter such as
'enablebasicauth="true"' (with the default "false", of course), be my guest. 
Otherwise, it is perfectly functional as a standalone extending the
IFramePortlet.  I don't see much of a reason to change it.

Jake

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Mime
View raw message