CryptoUtil should validate its input
------------------------------------
Key: STS-459
URL: http://mc4j.org/jira/browse/STS-459
Project: Stripes
Issue Type: Bug
Reporter: Ben Gunter
Assigned To: Ben Gunter
Fix For: Release 1.5
It appears that CryptoUtil will gladly accept any Base64-encoded value, decode
it, decrypt with a Cipher and return the bytes as a String. This allows Stripes
to end up using garbage input, which might cause trouble. When decrypting,
CryptoUtil should take measures to ensure it is dealing with values that were
encrypted with the same session key.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://mc4j.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
-------------------------------------------------------------------------
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services
for just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
Stripes-development mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-development
