Comment 21 for bug 1434034

Thierry Carrez (ttx) wrote : Re: Even if the user is disabled, can use the last token is validated

If I understand correctly, the worst-case scenario here is a slightly deferred token invalidation, which I would not consider OSSA (advisory) material (could be considered "working as designed"). It is certainly OSSN (security note / documentation) material though.

Given the impact and in order to facilitate work on this, I propose we open this bug publicly.

I think I have a slight preference for option 1 + OSSN in the immediate future.