[ https://issues.apache.org/jira/browse/GEODE-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16048420#comment-16048420 ]

ASF GitHub Bot commented on GEODE-1958:
---------------------------------------

Github user PurelyApplied commented on a diff in the pull request:

    https://github.com/apache/geode/pull/578#discussion_r121798399
  
    --- Diff: 
geode-core/src/main/java/org/apache/geode/internal/util/PasswordUtil.java ---
    @@ -44,72 +42,29 @@
       private static byte[] init = "string".getBytes();
     
       /**
    -   * Encrypts a password string
    -   * 
    -   * @param password String to be encrypted.
    -   * @return String encrypted String
    -   */
    -  public static String encrypt(String password) {
    -    return encrypt(password, true);
    -  }
    -
    -  /**
    -   * 
    -   * @param password String to be encrypted
    -   * @param echo if true prints result to system.out
    -   * @return String encrypted String
    +   * Decrypts an encrypted password string.
    +   *
    +   * @param password String to be decrypted
    +   * @return String decrypted String
        */
    -  public static String encrypt(String password, boolean echo) {
    -    String encryptedString = null;
    +  @Deprecated
    +  public static String decrypt(String password) {
    +    String toDecrypt;
    +    if (password.startsWith("encrypted(") && password.endsWith(")"))
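
Review bot: `password` is dereferenced in the `if (password.startsWith("encrypted(") && password.endsWith(")"))` test with no null check visible before it, so a null argument makes `decrypt` throw a NullPointerException; add an explicit guard (for example `Objects.requireNonNull(password)` or an early return) ahead of the test. The new `@Deprecated` annotation also has no matching `@deprecated` Javadoc tag telling callers what to use instead, and the unchanged context line `private static byte[] init = "string".getBytes();` depends on the platform default charset, which is worth pinning with an explicit charset while this class still ships.
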
    --- End diff --
    
    I don't think it gets caught by spotless, but officially we prefer to wrap 
every `if` and `else` in curly braces, even when they're just one-liners.


> Remove PasswordUtil 
> --------------------
>
>                 Key: GEODE-1958
>                 URL: https://issues.apache.org/jira/browse/GEODE-1958
>             Project: Geode
>          Issue Type: Bug
>          Components: security
>            Reporter: Diane Hardman
>            Assignee: Emily Yeh
>            Priority: Minor
>
> PasswordUtil was used to encrypt a password to be stored in cache.xml. This 
> was not secure since anyone could copy the "encrypted" string to another 
> cache.xml to gain access. Therefore this utility was not particularly useful 
> and should be removed.


