[
https://issues.apache.org/jira/browse/GEODE-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16049703#comment-16049703
]
ASF GitHub Bot commented on GEODE-1958:
---------------------------------------
Github user jaredjstewart commented on a diff in the pull request:
https://github.com/apache/geode/pull/578#discussion_r122073349
--- Diff:
geode-core/src/test/java/org/apache/geode/cache/util/PasswordUtilJUnitTest.java
---
@@ -1,42 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
contributor license
- * agreements. See the NOTICE file distributed with this work for
additional information regarding
- * copyright ownership. The ASF licenses this file to You under the Apache
License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the
License. You may obtain a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
ANY KIND, either express
- * or implied. See the License for the specific language governing
permissions and limitations under
- * the License.
- */
-package org.apache.geode.cache.util;
-
-import static org.junit.Assert.*;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import org.apache.geode.internal.util.PasswordUtil;
-import org.apache.geode.test.junit.categories.SecurityTest;
-import org.apache.geode.test.junit.categories.UnitTest;
-
-@Category({UnitTest.class, SecurityTest.class})
-public class PasswordUtilJUnitTest {
-
- @Test
- public void testPasswordUtil() {
- String x = "password";
- String z = null;
-
- // System.out.println(x);
- String y = PasswordUtil.encrypt(x);
--- End diff --
I think we ought to keep this test around until we actually remove
`decrypt()`. Since `encrypt()` won't be around to us to use in the test, I
think it would suffice to hardcode a String that we know ought to be decrypted
to some known value (basically grab the value of `y` that results when you run
this test on `Develop`). Then we can make sure that we haven't accidentally
broken the behavior of `decrypt()` with this change.
> Remove PasswordUtil
> --------------------
>
> Key: GEODE-1958
> URL: https://issues.apache.org/jira/browse/GEODE-1958
> Project: Geode
> Issue Type: Bug
> Components: security
> Reporter: Diane Hardman
> Assignee: Emily Yeh
> Priority: Minor
>
> PasswordUtil was used to encrypt a password to be stored in cache.xml. This
> was not secure since anyone could copy the "encrypted" string to another
> cache.xml to gain access. Therefore this utility was not particularly useful
> and should be removed.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
