I am developing a Sports Mobile App with Flutter (mobile client) that tracks its users' activity data. After tracking an activity (swimming, running, walking...) it calls a REST API developed by me (with Spring Boot), passing that activity data with a POST. Then my user will be able to view the logs of his tracked activities by calling the REST API with a GET.

As I know that my own tracking development isn't as good as the Strava, Garmin, Huawei and so on ones, I want to let my app users connect with their Strava, Garmin and so on accounts to get their activities data, so I need users to authorize my app to get that data using OAuth.

In a first approach, I have managed to develop all the flow of OAuth with Flutter using the Authorization Code Grant. The authorization server login is launched by Flutter in a user agent (Chrome tab), and once the resource owner has done the login and authorized my Flutter app, my Flutter app takes the authorization code and then calls the authorization server to get the tokens. So I can say that my client is my Flutter app. When the OAuth flow is done, I send the tokens to my REST API in order to store them in a database.

My first idea was to send those tokens to my backend app in order to store them in a database and develop a process that takes those tokens, consults the resource servers, parses each resource server's JSON response activities into my REST API activity model ones and stores them in my database. Then, if a resource owner consults his activities by calling my REST API, he would get a response with all the activities (the mobile app tracked ones + the Strava, Garmin, etc. resource server ones stored in my db).

I have discarded the option of calling the resource servers directly from my client, and then my REST API, when a user pushes a synchronize button and mapping those responses directly in my client, because I need the data of those resource server responses in the backend in order to implement a medal functionality. Furthermore, Strava, Garmin, etc. have usage limits and I don't want to give my resource owners the ability to push the button as many times as they want.

Client calls the authorization server, launching a user agent to an OAuth login, in order to make the resource owner log in and authorize. The URL and the params are hardcoded in my client.


With regard to the Log4j JNDI remote code execution vulnerability that has been identified, CVE-2021-44228 (also see references), I wondered if Log4j v1.2 is also impacted, but the closest I got from source code review is the JMSAppender.

The question is, while the posts on the Internet indicate that Log4j 1.2 is also vulnerable, I am not able to find the relevant source code for it. Am I missing something that others have identified?

Log4j 1.2 appears to have a vulnerability in the SocketServer class, but my understanding is that it needs to be enabled in the first place for it to be applicable and hence is not a passive threat, unlike the JNDI-lookup vulnerability, which the one identified appears to be.

Is my understanding, that Log4j v1.2 is not vulnerable to the JNDI remote code execution bug, correct?

References:
'Log4Shell' vulnerability poses critical threat to applications using 'ubiquitous' Java logging package Apache Log4j
Worst Apache Log4j RCE Zero day Dropped on Internet
Zero-day in ubiquitous Log4j tool poses a grave threat to the Internet

This blog post from Cloudflare also indicates the same point as AKX: that it was introduced in Log4j 2!

Update #1: A fork of the (now-retired) apache-log4j-1.2.x with patch fixes for a few vulnerabilities identified in the older library is now available (from the original Log4j author). As of 2 version 1.2.18.2 has been released. Vulnerabilities addressed to date include those pertaining to JMSAppender, SocketServer and Chainsaw. Note that I am simply relaying this information. Please refer to the link for additional details.
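The question above turns on which classes a given jar actually ships: the passive `${jndi:...}` resolution of CVE-2021-44228 lives in the Log4j 2 `JndiLookup` class, whereas Log4j 1.2 only reaches JNDI through `JMSAppender` (and only deserializes over the network through `SocketServer`), both of which have to be configured or run first. The following is an added example, not code from the question or from the Log4j project: a small inventory script that opens a jar with the standard library and reports which of those classes are present. The class paths are the real ones shipped by log4j-core 2.x and log4j 1.2; the two jars built in the block are constructed in-memory fixtures with placeholder contents, not real bytecode.

```python
"""Inventory a JAR for the Log4j classes relevant to CVE-2021-44228.

Added example (not from the original post). The JARs scanned here are
constructed in memory as test fixtures; only the class *paths* are real.
"""
import io
import sys
import zipfile

# Class files of interest, keyed by what their presence tells a defender.
CLASSES_OF_INTEREST = {
    # Log4j 2.x: the lookup that resolves ${jndi:...} in logged strings.
    # Its presence is the passive risk the question is asking about.
    "org/apache/logging/log4j/core/lookup/JndiLookup.class": "log4j2 JNDI lookup",
    # Log4j 1.2: JNDI is only touched via JMSAppender, and only if configured.
    "org/apache/log4j/net/JMSAppender.class": "log4j1 JMSAppender",
    # Log4j 1.2: SocketServer deserializes objects, but only if it is run.
    "org/apache/log4j/net/SocketServer.class": "log4j1 SocketServer",
}


def scan_jar(jar_bytes):
    """Return {description: present} for every class of interest in the JAR."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = set(jar.namelist())
    return {desc: (path in names) for path, desc in CLASSES_OF_INTEREST.items()}


def has_passive_jndi_lookup(jar_bytes):
    """True when the jar ships the Log4j 2 JndiLookup class."""
    return scan_jar(jar_bytes)["log4j2 JNDI lookup"]


def scan_jar_file(path):
    """Convenience wrapper for scanning a jar on disk."""
    with open(path, "rb") as fh:
        return scan_jar(fh.read())


def build_fake_jar(entries):
    """Constructed test fixture: a zip/jar containing the given entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name in entries:
            jar.writestr(name, b"placeholder, not real bytecode")
    return buf.getvalue()


# Constructed fixtures mimicking the layout of the two artifacts.
FAKE_LOG4J1_JAR = build_fake_jar([
    "META-INF/MANIFEST.MF",
    "org/apache/log4j/Logger.class",
    "org/apache/log4j/net/JMSAppender.class",
    "org/apache/log4j/net/SocketServer.class",
])
FAKE_LOG4J2_CORE_JAR = build_fake_jar([
    "META-INF/MANIFEST.MF",
    "org/apache/logging/log4j/core/Logger.class",
    "org/apache/logging/log4j/core/lookup/JndiLookup.class",
])


if __name__ == "__main__":
    # Scan real jars given on the command line, else the constructed fixtures.
    targets = [(p, scan_jar_file(p)) for p in sys.argv[1:]] or [
        ("constructed log4j-1.2 jar", scan_jar(FAKE_LOG4J1_JAR)),
        ("constructed log4j-core-2.x jar", scan_jar(FAKE_LOG4J2_CORE_JAR)),
    ]
    for label, report in targets:
        print(label)
        for desc, present in report.items():
            print(f"  {desc:22s} {'PRESENT' if present else 'absent'}")
```

Run it with one or more jar paths to inventory real artifacts, or with no arguments to see the constructed fixtures. A jar that reports the Log4j 2 lookup as absent is consistent both with a 1.x jar and with a 2.x jar from which `JndiLookup.class` was deleted (the class removal that Apache documented as a mitigation for older 2.x releases), so treat the script as a quick triage aid alongside the version check, not as a substitute for upgrading.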