gerrit

History

Khai Do cf9bce2191 Remove the generateHttpPassword capability Remove the Generate HTTP Password capability because it exposes a security vulnerability. Any user that is granted this capability can modify an administrator's http password and impersonate the admin user. Other reasons for removing this capability are that the usage of it is inconsistent with the modifyAccount capability and this capability encourages adding additional capabilities to restrict permissions, which is not desired. With this change only administrators are allowed to generate and delete other users' http passwords. The motivation behind this change is from comments in changes Ib1971fad and If8296539. Change-Id: Id907cc103591eed029fd08af700bb1bb6a618ff8	2014-09-29 15:21:06 -07:00
..
src	Remove the generateHttpPassword capability	2014-09-29 15:21:06 -07:00
BUCK	Fix SecureStore binding for plugins	2014-09-12 14:12:38 +00:00

Khai Do cf9bce2191 Remove the generateHttpPassword capability

Remove the Generate HTTP Password capability because it exposes a
security vulnerability.  Any user that is granted this capability
can modify an administrator's http password and impersonate the
admin user.  Other reasons for removing this capability are that
the usage of it is inconsistent with the modifyAccount capability
and this capability encourages adding additional capabilities to
restrict permissions, which is not desired.

With this change only administrators are allowed to generate and
delete other users' http passwords.

The motivation behind this change is from comments in changes
Ib1971fad and If8296539.

Change-Id: Id907cc103591eed029fd08af700bb1bb6a618ff8

2014-09-29 15:21:06 -07:00

src

Remove the generateHttpPassword capability

2014-09-29 15:21:06 -07:00

BUCK

Fix SecureStore binding for plugins

2014-09-12 14:12:38 +00:00