[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15506661#comment-15506661
 ] 

Flavio Junqueira commented on ZOOKEEPER-2521:
---------------------------------------------

I thought some more about this, and I'm leaning more towards not making this 
change. If I understand correctly, not trimming doesn't cause any security 
issue (doesn't open up a new vulnerability). If the server isn't starting and 
we are not telling clearly to the user that it is because the password is 
invalid, then perhaps this is what we should fix, no?

> space should be truncated while reading password for keystore/truststore 
> which is required to configure while SSL enabled
> -------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2521
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2521
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 3.5.1
>            Reporter: Rakesh Kumar Singh
>            Assignee: Edward Ribeiro
>            Priority: Minor
>             Fix For: 3.5.3, 3.6.0
>
>         Attachments: ZOOKEEPER-2521.2.patch, ZOOKEEPER-2521.patch
>
>
> space should be truncated while reading password for keystore/truststore 
> which is required to configure while SSL enabled.
> As of now if we configure the password with any heading/trailing space, the 
> zookeeper server will fail to start.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to