summaryrefslogtreecommitdiffstats
path: root/ecomp-portal-BE-common/src
diff options
context:
space:
mode:
authorPiotr Borelowski <p.borelowski@partner.samsung.com>2019-05-10 12:23:48 +0200
committerKrzysztof Opasiak <k.opasiak@samsung.com>2019-05-28 17:12:04 +0200
commitb9d4b9d9075f40bfcf1bef58c1738de4713e5e70 (patch)
treed7ce9a7ff7236599e23e0818adf13fed66cd1048 /ecomp-portal-BE-common/src
parentf9a1944a4b3cda8d9708087902a52baa40c0e2ea (diff)
Don't give user the exact exception description
The exact description of the exception especially if related to cryptography cannot be given to the user as it may be abused by the attacker. To fix that, we started to use @ExceptionHandler for all exceptions in the LoginController as well. CVE: CVE-2019-12121 Issue-ID: OJSI-92 Change-Id: I100b37ff33d28ebccc2411c3acc62bdb7ce11ca8 Signed-off-by: Piotr Borelowski <p.borelowski@partner.samsung.com> Reviewed-by: Krzysztof Opasiak <k.opasiak@samsung.com> Acked-by: Manoop Talasila <talasila@research.att.com>
Diffstat (limited to 'ecomp-portal-BE-common/src')
0 files changed, 0 insertions, 0 deletions