[rfc][icedtea-web] restricting codebase matcher from aaaexample.com to example.com or whatever.example.com only
Omair Majid
omajid at redhat.com
Mon Mar 31 18:51:11 UTC 2014
* Jiri Vanek <jvanek at redhat.com> [2014-03-31 14:31]:
> As Omair suggested - the previous fix was too vague.
Yes, I think the previous fix was too lenient. Almost a security hole.
> This is done for domain only. The paths are still evaluated as:
> *.example.com
> is matching whatever.example.com but not example.com nor aaaexample.com
Any specific reason for this?
> +++ b/tests/netx/unit/net/sourceforge/jnlp/util/ClasspathMatcherTest.java Mon Mar 31 20:30:45 2014 +0200
> + @Test
> + public void dotIssueWithPaths() throws MalformedURLException {
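Review bot: the name dotIssueWithPaths on the new @Test method does not say which inputs are expected to match and which are not, so a later regression in the matcher would be hard to read from a failing test report. Name the method after the asserted behaviour and keep one expectation per test, so the case where a wildcard pattern must not match is visible as its own negative test rather than folded into a general "dot issue" case.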
How about renaming it to something more explanatory? I am thinking of
something like wildCardSubdomainDoesNotMatchParentDomainPaths.
Thanks,
Omair
--
PGP Key: 66484681 (http://pgp.mit.edu/)
Fingerprint = F072 555B 0A17 3957 4E95 0056 F286 F14F 6648 4681
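
The matching rule discussed in this thread, as an added Java example that is not taken from the IcedTea-Web patch or written by either poster: a suffix-only comparison beside a label-boundary comparison, run over the three hosts named above. The class and method names are hypothetical, the URLs are constructed, and accepting the bare parent domain is shown as a separate option because the thread leaves that question open.

```java
import java.net.URI;
import java.util.Locale;

// Added illustration; WildcardHostDemo and its methods are hypothetical names,
// not IcedTea-Web's ClasspathMatcher.
public class WildcardHostDemo {

    // Too lenient: treats "*.example.com" as "any host ending in example.com",
    // so aaaexample.com is accepted.
    static boolean lenientMatch(String pattern, String host) {
        String suffix = pattern.startsWith("*.") ? pattern.substring(2) : pattern;
        return host.toLowerCase(Locale.ROOT).endsWith(suffix.toLowerCase(Locale.ROOT));
    }

    // Strict: the wildcard stands for at least one whole label, so the host
    // must end with ".example.com" (leading dot included) and be longer than it.
    static boolean strictMatch(String pattern, String host) {
        String p = pattern.toLowerCase(Locale.ROOT);
        String h = host.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) {
            return h.equals(p); // no wildcard: exact host only
        }
        String dotSuffix = p.substring(1); // ".example.com"
        return h.length() > dotSuffix.length() && h.endsWith(dotSuffix);
    }

    // Variant that additionally accepts the parent domain itself.
    static boolean strictMatchOrParent(String pattern, String host) {
        return strictMatch(pattern, host)
                || (pattern.startsWith("*.")
                    && host.equalsIgnoreCase(pattern.substring(2)));
    }

    public static void main(String[] args) {
        String pattern = "*.example.com";
        String[] codebases = { // constructed sample URLs
            "http://whatever.example.com/app/",
            "http://example.com/app/",
            "http://aaaexample.com/app/"
        };
        for (String c : codebases) {
            String host = URI.create(c).getHost();
            System.out.printf("%-22s lenient=%-5b strict=%-5b strictOrParent=%b%n",
                    host, lenientMatch(pattern, host), strictMatch(pattern, host),
                    strictMatchOrParent(pattern, host));
        }
    }
}
```

Only the lenient variant accepts aaaexample.com; the two strict variants differ solely on whether example.com itself is accepted.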
More information about the distro-pkg-dev
mailing list