  1. Felix
  2. FELIX-5774

Webconsole default security cannot be disabled


Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Duplicate
    • None
    • None
    • Web Console
    • None

    Description

      The web console can use a Web Console Security Provider to handle the authorization of a request using an optional service. If this service is not present, the configuration 'user' and 'password' are used for the login (default admin/admin).

      If the security provider service is used then this creates a window where the webconsole is unprotected when the provider bundle is not yet started or updated. 

      One solution is to set the user id to ':' since the Basic Authentication protocol can never pass a colon. However, this is a bit of a hack.

      It would be nice if there was a flag (maybe a magic value for user?) where the request would be denied, optionally waiting maybe a second or so for the service to become available.

      The ':' solves the direct problem. It is a nasty access point that makes systems vulnerable to attacks, so it should at least be mentioned and best provided with a mechanism.
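
      Added example (not part of the original report and not Felix code): a sketch of why a configured user id of ':' fails closed. It assumes the server splits the decoded Basic credentials at the first colon, as RFC 7617 specifies; `parse_basic`, `fallback_login_ok` and `basic_header` are hypothetical names, and the inputs are constructed.

```python
import base64
import binascii
import hmac


def parse_basic(header):
    """Return (user, password) from an Authorization header, or None if malformed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # RFC 7617: the user-id is everything before the FIRST colon, so it can
    # never itself contain a colon; the password may.
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    return user, password


def fallback_login_ok(header, cfg_user, cfg_password):
    """Hypothetical fallback check used while no security provider is registered."""
    creds = parse_basic(header) if header else None
    if creds is None:
        return False  # missing or malformed credentials are denied
    user, password = creds
    user_ok = hmac.compare_digest(user.encode(), cfg_user.encode())
    pass_ok = hmac.compare_digest(password.encode(), cfg_password.encode())
    return user_ok and pass_ok


def basic_header(raw):
    """Build a header from a raw 'user:password' string (constructed input)."""
    return "Basic " + base64.b64encode(raw.encode()).decode()


# Constructed inputs: different ways a client might try to present ':' as user.
ATTEMPTS = ["admin:admin", "::admin", ":", ":::", ":admin", "%3A:admin"]

if __name__ == "__main__":
    for raw in ATTEMPTS:
        hdr = basic_header(raw)
        print(repr(raw), "->", parse_basic(hdr),
              "| default config:", fallback_login_ok(hdr, "admin", "admin"),
              "| ':' config:", fallback_login_ok(hdr, ":", "admin"))
```

      With the default configuration the first attempt is accepted; with the user id set to ':' every attempt is rejected, because the parsed user id is always the part before the first colon.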

            People

              Assignee: Unassigned
              Reporter: Peter Kriens (pkriens)