[
https://issues.apache.org/jira/browse/FTPSERVER-220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oleg Gorobchuk closed FTPSERVER-220.
------------------------------------
Resolution: Fixed
bug is not reproduced since was fixed config reader and empty value of password
is stored as empty string instead of NULL in the M3 version.
However, I think code which is described above shows not good idea for checking
user existing.
> does not processed correct user's empty password
> ------------------------------------------------
>
> Key: FTPSERVER-220
> URL: https://issues.apache.org/jira/browse/FTPSERVER-220
> Project: FtpServer
> Issue Type: Bug
> Components: Server
> Affects Versions: 1.0-M3
> Reporter: Oleg Gorobchuk
> Assignee: Niklas Gustavsson
> Fix For: 1.0-M4
>
>
> In the case if user has declared empty password server does not allow to
> connect user.
> Empty password does not processed for normal user and "anonymous" and for all
> encrypted modes.
> Sources of problem.
> 1. command PASS blocked using empty password since in this case request
> contains NULL instead password value and command generates error 501
> 2. In the case of using properties way of user management
> the class PropertiesUserManager, for case of configured empty password, makes
> decision that user does not exist.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
