Subject: [OASIS Issue Tracker] (AMQP-102) Detailed descriptions for error conditions related to content
Brian Raymor created AMQP-102:
---------------------------------

Summary: Detailed descriptions for error conditions related to content
Key: AMQP-102
URL: https://issues.oasis-open.org/browse/AMQP-102
Project: OASIS Advanced Message Queuing Protocol (AMQP) TC
Issue Type: Improvement
Components: Claims Based Security
Affects Versions: cbs-WD03
Reporter: Clemens Vasters
Assignee: Brian Raymor
Priority: Minor
Fix For: cbs-WD04

For both put-token and delete-token

For error conditions related to the content of the request, e.g., unsupported token type, malformed request etc., a detailed description SHOULD NOT be provided in the error field, in line with general best practice for security-related protocols.

// That’s a bit harsh. I think it is worth differentiating between a totally botched request and a token that is structurally sound but isn’t valid for the scope or has expired. That doesn’t substantially lower the security bar, but does reduce support cost.

--
This message was sent by Atlassian JIRA (v6.2.2#6258)