Remove Information leak.

opensrp / opensrp-server-web

OpenSRP Server Generic Web Application

Other

10 stars 21 forks source link

Remove Information leak. #279

Open githengi opened 4 years ago

githengi commented 4 years ago

[ ] Remove Information leak.
[ ] On the file access_confirmation.jsp .Remove the call that notifies the user the reason why access could not be granted. Use Generic message

Access could not be granted. (<%=((AuthenticationException) session
                        .getAttribute(AbstractAuthenticationProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY))
         .getMessage()%>)

rehammuzzamil commented 4 years ago

Please provide a generic message. For now I am removing the message and adding simple message "Access could not be granted. Please try again!". @githengi

githengi commented 4 years ago

@rehammuzzamil that sound good