Menu
▾
▴
Re: [Ejbca-develop] can move to next page with wrong password
|
From: Toru T. <tanaka_toru@g.ogis-ri.co.jp> - 2012-07-27 04:47:23
|
Hi Tomas, Thank you for prompt reply. I understood there is no special reason about this implementation. This point is designated by our custmer. The user can move next page even if wrong password is entered. Therefore, the user understand that they entered wrong password when the certificate did not issue. Our customer feel that something is wrong. In addition, about the serucity aspect, we think it is not very good that users can move next page when wrong password is entered. So, we consider it is better to change of this implementation. Concretely, if the user enter wrong password, user can not move next page. If our change is good, would be it possible to consider marge of main ejbca? Toru Tanaka 2012/7/27 Tomas Gustavsson <to...@pr...> > ** Hi Toru, > > I think it is mostly historical and technical implementation reasons. > Nothing is really sent to validate the information until after the second > step. Technically there is no reason we could not validate it after the > first step (as well). > > Cheers, > Tomas > > Toru Tanaka <tanaka_toru@g.ogis-ri.co.jp> skrev: > >> Hi all >> >> This is cofirmation of specification. >> When we issue client certificate, >> 1. Access Public Web Page >> 2. Enter designated "user name" and "password" >> 3. Choice bit number etc and download >> >> the above precedure is needed. >> procedure is no problem. >> But, in procedure 2 "Enter designated "user name" and "password"" >> even if wrong password is entered, I can move next page. >> #certificate cannot download. >> >> I wonder this implimentation. >> Are there the reason of this implimentation ? >> >> Thanks in advance >> >> Toru Tanaka >> > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > |
