Title | Code signing is unnecessary |
Date | 25-Feb-2006 01:04:17 EET |
Version | 2.3 |
Submitter | 89.55.177.112 |
Bug criticality | LightBug |
Browser version | |
Bug status | NewBug |
PageProvider used | |
Servlet Container | Tomcat 5.5 |
Operating System | Win32, Linux |
URL | |
Java version | 5.0 |
JSPWiki uses jspwiki.policy entries like ({) grant signedBy "jspwiki" principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" (})
The signedBy is unnecessary, it suffices to grant to principals.
I deleted all signedBy "jspwiki", the security code still works. I tested Sun JDK 5.0 with XP and Linux.
The signing makes development unnecessaryly difficult.
Add new attachment
Only authorized users are allowed to upload new attachments.
«
This particular version was published on 25-Feb-2006 01:04 by 89.55.177.112.