Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PAM Auth with password encryption turned off causes front-end validation of username and password to not run #1545

Closed
kfeinauer opened this issue Oct 3, 2017 · 0 comments
Closed

PAM Auth with password encryption turned off causes front-end validation of username and password to not run #1545

kfeinauer opened this issue Oct 3, 2017 · 0 comments
Assignees
@jmcphers
Labels
bug reproducible

Comments

@kfeinauer
Copy link
Contributor

When password encryption is turned off, front-end validation for the login page is disabled. This allows users to submit empty usernames and/or passwords, causing the back-end PAM helper process to hang.

We should ensure that validation runs regardless of the password encryption, and also make the back-end services more resilient to invalid input.

To reproduce:

Make sure you're logged out of RStudio
Disable password auth (via setting or by load balancing)
Log in to RStudio with an empty username or password
Observe that the page hangs

RSP 1.1.374 (all platforms).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jmcphers jmcphers

Labels
bug reproducible
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jmcphers @dfalty @kfeinauer