What is http://localhost:8080/login

Thorben Heins

unread,

Jan 25, 2016, 12:09:48 PM1/25/16

to Hippo Community

Hi folks,

today we accidentally discovered this resource. We are running Hippo 10.1.0 and were wondering, whether this is some legacy, that might be used to attack an application somehow? As it presents itself with "Hippo 7" it looks kind of odd in any case, as we started with 10.0 initially.

Any feedback is welcome :)

Greetings,

Thorben

Woonsan Ko

unread,

Jan 25, 2016, 12:35:05 PM1/25/16

to hippo-c...@googlegroups.com

Hi Thorben,

It's the default JAAS based login form provided by HST. [1]

If you don't use authentication in your websites, that should be fine. It's just an additional authentication when needed.

If you want to remove all the login pages, then you might want to remove any servlet and mapping configurations for /login/* in site/WEB-INF/web.xml.

Regards,

Woonsan

[1] http://www.onehippo.org/library/concepts/security/hst-2-authentication-and-authorization-support.html

--
Hippo Community Group: The place for all discussions and announcements about Hippo CMS (and HST, repository etc. etc.)

To post to this group, send email to hippo-c...@googlegroups.com
RSS: https://groups.google.com/group/hippo-community/feed/rss_v2_0_msgs.xml?num=50
---
You received this message because you are subscribed to the Google Groups "Hippo Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hippo-communi...@googlegroups.com.
Visit this group at https://groups.google.com/group/hippo-community.
For more options, visit https://groups.google.com/d/optout.

--

w....@onehippo.com www.onehippo.com
Boston - 745 Atlantic Ave, 8th Floor, Boston MA 02111
Amsterdam - Oosteinde 11, 1017 WT Amsterdam
US +1 877 414 4776 (toll free)
Europe +31(0)20 522 4466

Oscar Scholten

unread,

Jan 25, 2016, 4:33:22 PM1/25/16

to hippo-c...@googlegroups.com

Hi Thorben,

Bit of background: when we released Hippo 10 back in May'15 we switched to Semantic Versioning [1]. Up until then we released Hippo 7.x from 2010 to 2015 [2]. Apparently we still have some static strings that form Hippo CMS 7 somehow :-/

I've filed a bug in JIRA [3] so we can fix this in an upcoming release.

[1] http://www.onehippo.org/about/version-numbering.html

[2] http://www.onehippo.org/about/release-notes/release-notes-overview.html

[3] http://issues.onehippo.com/browse/CMS-9897

Cheers, Oscar

Boston - 745 Atlantic Ave, 8th Floor, MA 02111

Europe +31(0)20 522 4466

US +1 877 414 4776

www.onehippo.com | www.onehippo.org

Reply all

Reply to author

Forward