Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
bug #36223 [Security][Http][SwitchUserListener] Ignore all non existe…
…nt username protection errors (fancyweb) This PR was merged into the 4.4 branch. Discussion ---------- [Security][Http][SwitchUserListener] Ignore all non existent username protection errors | Q | A | ------------- | --- | Branch? | 4.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | #36174 | License | MIT | Doc PR | - Since we generate the non existent username blindly, it can lead to Doctrine exceptions or any other exception. We can catch all exceptions here but I guess it reduces the protection since the SQL query was not executed? Alternative: we can only catch Doctrine DriverException (in addition to the existing AuthenticationException) and only silent the reported error codes? Commits ------- 42311d5 [Security][Http][SwitchUserListener] Ignore all non existent username protection errors
- Loading branch information