Analyze response payload size of failed and successful authentication requests #24054
Labels
Comments
damen-dotcms
changed the title
|
If you have a successful authentication, you're logged in. You're going to see different data due to that. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Parent Issue
#23915
Task
Use Case scenario provided by Mehdi Karimi.
When a User fails to log into dotCMS, the payload in the Response object has a very small size, it provides an error message indicating that the login failed. But, when the authentication is successful, the payload has a bigger size because it provides the map of User data along with additional properties.
In a local environment, the difference in payload sizes look like this:
This might be a clue for hackers to deduce that a User exists based on timing and data received back when the login happens.
Proposed Objective
Security & Privacy
Proposed Priority
Priority 2 - Important
Acceptance Criteria
Come up with an effective solution to make authentication payload sizes as even as possible.
External Links... Slack Conversations, Support Tickets, Figma Designs, etc.
No response
Assumptions & Initiation Needs
No response
Sub-Tasks & Estimates
No response
The text was updated successfully, but these errors were encountered: