kura icon indicating copy to clipboard operation
kura copied to clipboard

Published 20 hours ago verified publisher icon eclipse

No Error if "SSL.default.cipherSuites" in Wrong Format

Open LeoNerdoG opened this issue 4 years ago • 5 comments

Under the SSL.default.cipherSuites title there is a description "Comma-separated list of allowed ciphers..." but there is no verification of the field (user can enter literally anything and Kura will accept it).

Testflow:

  1. Login to Kura as admin/admin
  2. Go to Settings -> SSL.default.cipherSuites and try to enter anything
  3. Click Apply and observe how Kura does not check the field.

Expected behavior Field should have some sort of verification.

Screenshots Screenshot 2020-03-26 at 12 46 25

Target Environment (please complete the following information): Board: Raspberry Pi 3 OS version: Linux raspberrypi 4.19.75-v7+ # 1270 SMP Tue Sep 24 18:45:11 BST 2019 armv7l GNU/Linux Additional info: /

LeoNerdoG avatar Mar 26 '20 13:03 LeoNerdoG

Don't know what sort of validation we can do here since it is a text field that will be passed directly to the jvm

MMaiero avatar Jul 03 '20 14:07 MMaiero

Yes, I agree, but we can at least check if there is a comma between two ciphers? What do you think, is this something doable or logical from JVM standpoint and from Kura's view? So we don't end up with this: Screenshot 2020-07-06 at 12 53 10

LeoNerdoG avatar Jul 06 '20 10:07 LeoNerdoG

The real limitation is in the current UI: being a configurable component and the UI makes the checks for the specific configurable component type, in this case String. At this time there is no specific enforcement that we can do in this section of the UI.

MMaiero avatar Jul 06 '20 13:07 MMaiero

Ok so I would keep this issue open if you agree or label it somehow for future reference, so when/if UI gets changed/upgraded/modified, we check this issue and fix it.

LeoNerdoG avatar Jul 07 '20 08:07 LeoNerdoG

ok

MMaiero avatar Jul 07 '20 11:07 MMaiero