CAPTCHA uses a predictable temp file

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: Medium
    • 2.3
    • Affects Version/s: 2.1, 2.2
    • Component/s: None

      The CAPTCHA provider stores data in a temporary file in java.io.tmpdir. When you run multiple copies of Confluence with CAPTCHA enabled on the same server, they all use the same temp file. Hilarity ensues.

      Also, there are security issues with creating predictable files in /tmp.

      We should fix the CAPTCHA provider to store its temp files in confluence.home/temp

              Assignee:
              Unassigned
              Reporter:
              Charles Miller (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: