Bug #35
Metadata sources are untrusted by default
| Status: | New | Start: | 09/04/2009 |
| Priority: | High | Due date: | |
| Assigned to: | Shaun Mangelsdorf | % Done: | 0% |
| Category: | SPEP (Java) | Spent time: | - |
| Target version: | 0.9.6 | | |
Description
By default, metadata sources are flagged as untrusted, which means they are unmarshalled without signature validation.
This could create a vulnerability in certain situations, though it is mitigated by using HTTPS on the metadata endpoint.
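
A sketch of signature validation performed before unmarshalling, so that a metadata document is rejected unless it verifies against a configured key. This is an added example, not SPEP code: the class `VerifiedMetadataLoader` and its `load` method are hypothetical. It assumes the metadata is an XML document carrying an enveloped XML signature as a direct child of its root element, and that the signer's public key is configured out of band.

```java
import java.io.InputStream;
import java.security.PublicKey;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/** Hypothetical helper (not SPEP code): returns a metadata document only if its signature verifies. */
public final class VerifiedMetadataLoader {
    /** trustedKey is the metadata signer's public key, configured out of band (assumption). */
    public static Document load(InputStream in, PublicKey trustedKey) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // XML-DSig processing needs namespaces
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(in);
        Element root = doc.getDocumentElement();
        // Accept only a ds:Signature that is a direct child of the root element.
        Element sig = null;
        for (Node n = root.getFirstChild(); n != null && sig == null; n = n.getNextSibling()) {
            if (n instanceof Element && XMLSignature.XMLNS.equals(n.getNamespaceURI())
                    && "Signature".equals(n.getLocalName())) {
                sig = (Element) n;
            }
        }
        if (sig == null) throw new SecurityException("metadata is unsigned; refusing to load it");
        // Register the root's ID attribute so a "#id" reference can be resolved.
        if (root.hasAttribute("ID")) root.setIdAttribute("ID", true);
        DOMValidateContext ctx = new DOMValidateContext(trustedKey, sig);
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        XMLSignature xs = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);

        // The single reference must cover the root element, not some other subtree.
        List<?> refs = xs.getSignedInfo().getReferences();
        String uri = refs.size() == 1 ? ((Reference) refs.get(0)).getURI() : null;
        boolean coversRoot = "".equals(uri)
                || (root.hasAttribute("ID") && ("#" + root.getAttribute("ID")).equals(uri));
        if (!coversRoot || !xs.validate(ctx)) {
            throw new SecurityException("metadata signature does not validate over the root element");
        }
        return doc; // safe to hand to the unmarshaller now
    }
}
```

Because the check fails closed, an unsigned or tampered document never reaches the unmarshaller, independent of whether the transport was HTTPS.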