ccain 01/09/07 11:51:36
Modified:catalina/src/share/org/apache/catalina/realm JDBCRealm.java
JNDIRealm.java MemoryRealm.java
Log:
Change comparison of hex digests (in authentication) to be
case-insensitive, as base16 values themselves are
Sent: Friday, 7 September 2001 20:52
To: [EMAIL PROTECTED]
Subject: cvs commit:
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm
JDBCRealm.java JNDIRealm.java MemoryRealm.java
Ignacio J. Ortega [EMAIL PROTECTED] wrote:
Hello Christopher:
I think this change is not good, as it makes *all* passwords case
insensitive, regardless of the use of digest or not.., I think plain
passwords need to be case sensitive ..
Good catch :)
Pier
You're right ... d'oh! I assumed that a method called digest returned
a digest. I guess I should not assume so often =)
My bad ... but in some slight manner of defense, that method call is
poorly named :)
We can change it to a more appropriate digestedOrNot
:
Regards,
Ignacio
ccain 01/09/07 13:45:13
Modified:catalina/src/share/org/apache/catalina/realm JDBCRealm.java
JNDIRealm.java MemoryRealm.java RealmBase.java
Log:
Backs out the previous case-insensitive mod, which would have checked
non-hashed realm passwords
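The issue this thread turns on, shown as an added example that is not code from the thread or from Tomcat: ignoring case is harmless when both sides are hex digests, but applied unconditionally it also accepts a wrong-case plain-text password. The class, its methods and the sample credentials are hypothetical and constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

// Added illustration; names are hypothetical, not Tomcat's realm classes.
class RealmCompareDemo {
    private final String algorithm; // null: the realm stores plain-text passwords

    RealmCompareDemo(String algorithm) { this.algorithm = algorithm; }

    boolean hasDigest() { return algorithm != null; }

    // Hex digest when an algorithm is configured, otherwise the input unchanged.
    String digest(String credentials) throws NoSuchAlgorithmException {
        if (!hasDigest()) return credentials;
        byte[] hash = MessageDigest.getInstance(algorithm)
                .digest(credentials.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : hash) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Unconditional variant: every comparison ignores case, digest or not.
    boolean matchesAlwaysIgnoringCase(String presented, String stored)
            throws NoSuchAlgorithmException {
        return digest(presented).equalsIgnoreCase(stored);
    }

    // Conditional variant: ignore case only when both sides are hex digests.
    boolean matches(String presented, String stored) throws NoSuchAlgorithmException {
        String candidate = digest(presented);
        return hasDigest() ? candidate.equalsIgnoreCase(stored) : candidate.equals(stored);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        RealmCompareDemo plain = new RealmCompareDemo(null);
        RealmCompareDemo md5 = new RealmCompareDemo("MD5");
        String storedPlain = "Secret"; // constructed sample
        String storedHex = md5.digest("Secret").toUpperCase(Locale.ROOT); // upper-case hex

        System.out.println("plain realm, wrong case, unconditional: "
                + plain.matchesAlwaysIgnoringCase("sEcReT", storedPlain));
        System.out.println("plain realm, wrong case, conditional:   "
                + plain.matches("sEcReT", storedPlain));
        System.out.println("digest realm, upper-case stored hex:    "
                + md5.matches("Secret", storedHex));
        System.out.println("digest realm, wrong-case password:      "
                + md5.matches("sEcReT", storedHex));
    }
}
```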
Close ... I added a hasMessageDigest() method =)
Also, I just realized that I was in such a hurry to get fixed code back
into the tree, I forgot to give you credit on the commit log. As Pier
said, that was an excellent catch ... you pulled my kahones out of the
fire on that one :)
I promise