openshift / oauth-proxy

A reverse proxy that provides authentication with OpenShift via OAuth and Kubernetes service accounts
MIT License

can we encrypt username stored in oauth_proxy cookie ? #250

Closed zohiba closed 5 months ago

zohiba commented 1 year ago

Currently the `_oauth_proxy` cookie stores username information that is base64 encoded, which is easy to decrypt. This is a security hole; can we encrypt it somewhere before it is assigned as the cookie value? How do we encrypt the username before it is assigned as the cookie value?

Edit: I have tried using the `--cookie-secret` flag, like `--cookie-secret=8_3IDOJAfTYz3plnjmD5pAbLr9BiJv81L-fuMoEynro=`, but the cookie is not getting encrypted; it is still in base64 form. I have the following version, which supports the flag, but it is still not working.

```
oauth2_proxy was built with go1.19.4
```
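
The distinction behind the report above, as an added example that is not part of the issue thread and not code from the oauth-proxy code base: a cookie value that is base64-encoded and HMAC-signed is tamper-evident but readable by anyone who holds the cookie, whereas an AES-GCM-encrypted value is opaque without the key. The page does not say how oauth-proxy lays out its cookie or what it does with `--cookie-secret`, so the block only illustrates the signing-versus-encryption difference; the payload string, the secret and the key are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Constructed sample payload (not taken from the project): the kind of
// account information a session cookie might carry.
const samplePayload = "email:alice@example.com user:alice"

// SignCookie returns base64(payload) "." base64(HMAC-SHA256(secret, payload)).
// The MAC makes the value tamper-evident, but the first part still base64-decodes.
func SignCookie(secret []byte, payload string) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(payload))
	return base64.RawURLEncoding.EncodeToString([]byte(payload)) + "." +
		base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

// VerifyCookie checks the MAC and returns the payload, or an error on tampering.
func VerifyCookie(secret []byte, cookie string) (string, error) {
	parts := strings.SplitN(cookie, ".", 2)
	if len(parts) != 2 {
		return "", errors.New("malformed cookie")
	}
	payload, err1 := base64.RawURLEncoding.DecodeString(parts[0])
	sig, err2 := base64.RawURLEncoding.DecodeString(parts[1])
	if err1 != nil || err2 != nil {
		return "", errors.New("malformed cookie")
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write(payload)
	if !hmac.Equal(sig, mac.Sum(nil)) {
		return "", errors.New("bad signature")
	}
	return string(payload), nil
}

// ReadWithoutKey does what the reporter did: base64-decode the first part with no secret.
func ReadWithoutKey(cookie string) string {
	b, _ := base64.RawURLEncoding.DecodeString(strings.SplitN(cookie, ".", 2)[0])
	return string(b)
}

// EncryptCookie seals the payload with AES-256-GCM (32-byte key) and returns
// base64(nonce || ciphertext || tag); GCM also rejects modified values.
func EncryptCookie(key []byte, payload string) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(aead.Seal(nonce, nonce, []byte(payload), nil)), nil
}

// DecryptCookie reverses EncryptCookie; a wrong key or a modified value fails.
func DecryptCookie(key []byte, cookie string) (string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(cookie)
	if err != nil {
		return "", err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	if len(raw) < aead.NonceSize() {
		return "", errors.New("ciphertext too short")
	}
	pt, err := aead.Open(nil, raw[:aead.NonceSize()], raw[aead.NonceSize():], nil)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func main() {
	secret := []byte("hypothetical-cookie-secret")          // constructed; not a real secret
	key := sha256.Sum256([]byte("hypothetical-cookie-key")) // constructed; use a random key in practice
	signed := SignCookie(secret, samplePayload)
	enc, _ := EncryptCookie(key[:], samplePayload)
	fmt.Printf("signed cookie decodes to %q; encrypted cookie decodes to the payload: %v\n",
		ReadWithoutKey(signed), ReadWithoutKey(enc) == samplePayload)
}
```

Running it prints the account string recovered from the signed cookie with no secret at all, and `false` for the encrypted one. Either way the server needs the key or secret to trust the value; only encryption keeps the username from anyone who can read the cookie in transit logs, browser storage or a proxy trace.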
openshift-bot commented 1 year ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

openshift-bot commented 1 year ago

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten /remove-lifecycle stale

openshift-bot commented 1 year ago

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen. Mark the issue as fresh by commenting /remove-lifecycle rotten. Exclude this issue from closing again by commenting /lifecycle frozen.

/close

openshift-ci[bot] commented 1 year ago

@openshift-bot: Closing this issue.

In response to [this](https://github.com/openshift/oauth-proxy/issues/250#issuecomment-1628436092):

> Rotten issues close after 30d of inactivity.
>
> Reopen the issue by commenting `/reopen`.
> Mark the issue as fresh by commenting `/remove-lifecycle rotten`.
> Exclude this issue from closing again by commenting `/lifecycle frozen`.
>
> /close

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

amandalal commented 11 months ago

@openshift-bot /reopen

amandalal commented 11 months ago

@stlaz @jianzhangbjz Do either of you know if this project is still being maintained? We are using this product and this is considered a security flaw.

amandalal commented 11 months ago

/reopen

openshift-ci[bot] commented 11 months ago

@amandalal: You can't reopen an issue/PR unless you authored it or you are a collaborator.

In response to [this](https://github.com/openshift/oauth-proxy/issues/250#issuecomment-1739524824):

> /reopen

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

zohiba commented 11 months ago

/reopen

zohiba commented 11 months ago

/remove-lifecycle rotten

zohiba commented 11 months ago

/reopen

openshift-ci[bot] commented 11 months ago

@zohiba: Reopened this issue.

In response to [this](https://github.com/openshift/oauth-proxy/issues/250#issuecomment-1739744812):

> /reopen

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

openshift-ci[bot] commented 11 months ago

@zohiba: Reopened this issue.

In response to [this](https://github.com/openshift/oauth-proxy/issues/250#issuecomment-1739747989):

> /reopen

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

amandalal commented 10 months ago

@stlaz @jianzhangbjz Do either of you know if this project is still being maintained? We are using this product and this is considered a security flaw.

stlaz commented 10 months ago

The cookie is bound to the site of use with the Domain attribute, is HttpOnly and Secure. Therefore the cookie is only ever visible to the oauth-proxy and the application behind it, which I don't think should be problematic.
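
The attributes named in the comment above can be verified from the actual `Set-Cookie` header rather than assumed. The following is an added example, not code from the thread or from oauth-proxy: it parses a header with Go's `net/http` and reports a missing `Secure` or `HttpOnly`; as additional checks the comment does not mention, it also flags a `SameSite` other than `Lax`/`Strict` and a `Domain` wider than the serving host (a parent-domain cookie is sent to every sibling host). The two sample headers, the host name `app.example.com` and the cookie value are constructed placeholders.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Constructed Set-Cookie headers for the example; neither was captured from oauth-proxy.
// The first carries every attribute the audit looks for, the second carries none.
var sampleHeaders = []string{
	"_oauth_proxy=ZW1haWw6YWxpY2VAZXhhbXBsZS5jb20; Path=/; Domain=app.example.com; Secure; HttpOnly; SameSite=Lax",
	"_oauth_proxy=ZW1haWw6YWxpY2VAZXhhbXBsZS5jb20; Path=/",
}

// AuditSetCookie parses one Set-Cookie header exactly as a Go client would and
// returns one finding per weak or missing attribute. host is the name the
// application is served from, used to judge the Domain attribute.
func AuditSetCookie(header, host string) []string {
	resp := &http.Response{Header: http.Header{"Set-Cookie": {header}}}
	cookies := resp.Cookies()
	if len(cookies) != 1 {
		return []string{"Set-Cookie header could not be parsed"}
	}
	c := cookies[0]
	var findings []string
	if !c.Secure {
		findings = append(findings, c.Name+": missing Secure, so the value is also sent over plain HTTP")
	}
	if !c.HttpOnly {
		findings = append(findings, c.Name+": missing HttpOnly, so page scripts can read it")
	}
	// Additional check (assumption, not in the comment): cross-site requests
	// should not carry the session cookie.
	if c.SameSite != http.SameSiteLaxMode && c.SameSite != http.SameSiteStrictMode {
		findings = append(findings, c.Name+": SameSite is not Lax or Strict")
	}
	// Additional check (assumption): a Domain above the serving host shares the
	// cookie with every sibling host under that domain. No Domain attribute at
	// all means a host-only cookie, which is the narrowest scope, so it passes.
	if d := strings.TrimPrefix(c.Domain, "."); d != "" && d != host {
		findings = append(findings, fmt.Sprintf("%s: Domain=%s is wider than host %s", c.Name, d, host))
	}
	return findings
}

func main() {
	for _, h := range sampleHeaders {
		fmt.Println(h)
		for _, f := range AuditSetCookie(h, "app.example.com") {
			fmt.Println("  -", f)
		}
	}
}
```

Feed it the header taken from a real response (for example the `Set-Cookie` line from `curl -sI` against the proxy) and the host you served it from; an empty result means the attributes the comment relies on are actually present.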

openshift-bot commented 7 months ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

openshift-bot commented 6 months ago

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten /remove-lifecycle stale

openshift-bot commented 5 months ago

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen. Mark the issue as fresh by commenting /remove-lifecycle rotten. Exclude this issue from closing again by commenting /lifecycle frozen.

/close

openshift-ci[bot] commented 5 months ago

@openshift-bot: Closing this issue.

In response to [this](https://github.com/openshift/oauth-proxy/issues/250#issuecomment-1977696645):

> Rotten issues close after 30d of inactivity.
>
> Reopen the issue by commenting `/reopen`.
> Mark the issue as fresh by commenting `/remove-lifecycle rotten`.
> Exclude this issue from closing again by commenting `/lifecycle frozen`.
>
> /close

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.