Uploaded image for project: 'InsightEdge Platform'
  1. GS-13317

No proactive verification of user credentials when logging into secured web-ui

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects versions: None
    • Fix versions: 12.3
    • Labels:
    • Platform:
      All
    • SalesForce Case ID:
      00011393
    • Acceptance Test:
      Hide
      test.webui.security.ExistingCustomCredentialsProviderNonSecuredUserSecuredWebServerBasicTest
      test.webui.security.ExistingCustomSecurityAndCustomCredentialsSecuredWebServerTest
      test.webui.security.MissingCustomCredentialsProviderSecuredWebServerBasicTest
      test.webui.security.MissingCustomSecurityAndCustomCredentialsNonSecuredUserTest
      Show
      test.webui.security.ExistingCustomCredentialsProviderNonSecuredUserSecuredWebServerBasicTest test.webui.security.ExistingCustomSecurityAndCustomCredentialsSecuredWebServerTest test.webui.security.MissingCustomCredentialsProviderSecuredWebServerBasicTest test.webui.security.MissingCustomSecurityAndCustomCredentialsNonSecuredUserTest
    • Sprint:
      12.3-M3, 12.3-M4
    • Product:
      XAP
    • Edition:
      Premium

      Description

      When security is enabled, authentication to the web-ui is now required.

      Previous versions allowed unauthenticated users to get past the login screen to the web management console. This didn't cause any security breaches because the server was secure and users were not exposed to sensitive areas of the application. However, it provided a poor user experience, causing users to assume they had gained access when they in fact didn't have access.

        Attachments

          Activity

            People

            • Assignee:
              evgenyf EvgenyF
              Reporter:
              Yuvald Yuval Dori (Inactive)
              Participants of an issue:
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: