Re: [jetty-dev] Re: Security Constraints problem

Jeff McAffer wrote:
> FYI, the Eclipse webmaster has enabled the security feature on bugzilla
> that limits the visibility of security related discussions in an effort
> to reduce exploits.  Bugs can be marked as security related (on the bug
> itself).  From that point on only committers (I believe) can read the
> bug.  Use at your discretion.

Cool! Good feature!

But in this case it is a problem of a new feature in development, and is
not so much an exploit as a failure to login. So it is good for this to
be open.

Jan - any luck reproducing with the test harness?

I'm pretty sure this is something to do with the fact that we now scope
for servlets before calling the security handler, so the path is
now split into servletPath and pathInfo depending on the mappings.

I think the security stuff was only looking at pathInfo because it used to
only be called before servlet scoping.

cheers
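
The path split described in this message, as an added example that is not part of the original post and is not Jetty's code: a constraint lookup that sees only pathInfo after servlet scoping is compared with one that sees servletPath plus pathInfo. The class, the method names, the "/admin/*" mapping and the request path are all hypothetical, constructed for illustration.

```java
import java.util.List;

// Added illustration; class and method names are hypothetical, not Jetty's.
public class ScopedPathDemo {
    // Servlet-spec style matching, limited to exact and "/prefix/*" patterns.
    static boolean matches(String pattern, String path) {
        if (pattern.endsWith("/*")) {
            String prefix = pattern.substring(0, pattern.length() - 2);
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
        return pattern.equals(path);
    }

    // Splits a context-relative path for a mapping that is assumed to match it.
    // Returns {servletPath, pathInfo}; pathInfo is null when nothing is left over.
    static String[] scope(String mapping, String path) {
        if (mapping.endsWith("/*")) {
            String servletPath = mapping.substring(0, mapping.length() - 2);
            String rest = path.substring(servletPath.length());
            return new String[] { servletPath, rest.isEmpty() ? null : rest };
        }
        return new String[] { path, null };
    }

    // Path a constraint lookup needs once scoping has already split the request.
    static String fullPath(String servletPath, String pathInfo) {
        return pathInfo == null ? servletPath : servletPath + pathInfo;
    }

    // First constraint pattern that matches the path, or null if none does.
    static String findConstraint(List<String> constraints, String path) {
        if (path == null) return null;
        for (String c : constraints) if (matches(c, path)) return c;
        return null;
    }

    public static void main(String[] args) {
        List<String> constraints = List.of("/admin/*");        // constructed sample
        String[] scoped = scope("/admin/*", "/admin/users");   // constructed sample
        String servletPath = scoped[0], pathInfo = scoped[1];

        // Lookup keyed on pathInfo alone: the handler is given "/users".
        System.out.println("pathInfo only: " + findConstraint(constraints, pathInfo));
        // Lookup keyed on servletPath + pathInfo: the handler is given "/admin/users".
        System.out.println("full path:     "
            + findConstraint(constraints, fullPath(servletPath, pathInfo)));
    }
}
```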



