Don't give user the exact exception description 89/88689/1
author Piotr Borelowski <p.borelowski@partner.samsung.com>
Fri, 10 May 2019 10:23:48 +0000 (12:23 +0200)
committer Krzysztof Opasiak <k.opasiak@samsung.com>
Tue, 28 May 2019 15:12:04 +0000 (17:12 +0200)
commit b9d4b9d9075f40bfcf1bef58c1738de4713e5e70
tree d7ce9a7ff7236599e23e0818adf13fed66cd1048
parent f9a1944a4b3cda8d9708087902a52baa40c0e2ea
Don't give user the exact exception description

The exact description of the exception, especially if related to
cryptography, cannot be given to the user as it may be abused by the
attacker.

To fix that, we started to use @ExceptionHandler for all exceptions
in the LoginController as well.

CVE: CVE-2019-12121
Issue-ID: OJSI-92
Change-Id: I100b37ff33d28ebccc2411c3acc62bdb7ce11ca8
Signed-off-by: Piotr Borelowski <p.borelowski@partner.samsung.com>
Reviewed-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Acked-by: Manoop Talasila <talasila@research.att.com>
ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/LoginController.java
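
An added illustration of the approach the commit message describes, not code from this commit or from the ONAP portal: a controller-local `@ExceptionHandler` that logs the full exception on the server and returns only a generic message with a reference id. The class name, route, response fields and the simulated failure are assumptions made for the example.

```java
import java.security.GeneralSecurityException;
import java.util.Map;
import java.util.UUID;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical controller for illustration; not the ONAP LoginController.
@RestController
public class ExampleLoginController {

    private static final Logger log =
            LoggerFactory.getLogger(ExampleLoginController.class);

    @PostMapping("/example/login")
    public Map<String, String> login(@RequestParam("token") String token)
            throws GeneralSecurityException {
        // Stand-in for credential decryption. The message text is constructed
        // and represents internal detail that must stay on the server.
        if (token.isEmpty() || token.length() % 16 != 0) {
            throw new GeneralSecurityException(
                    "constructed: cipher rejected input of length " + token.length());
        }
        return Map.of("status", "ok");
    }

    // Catches every exception raised by handler methods in this controller,
    // so no exception text or stack trace reaches the HTTP response.
    @ExceptionHandler(Exception.class)
    public ResponseEntity<Map<String, String>> handleAny(Exception e) {
        // The reference id lets support staff find the server-side log entry
        // without exposing the exception itself to the caller.
        String ref = UUID.randomUUID().toString();
        log.error("login request failed, ref={}", ref, e);

        // Same status and same body for every failure type.
        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
                .body(Map.of("error", "Request could not be processed",
                             "ref", ref));
    }
}
```

Because the handler is declared inside the controller, it covers only that controller's handler methods; exceptions thrown in filters or in other controllers need their own handling.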