[
https://issues.apache.org/jira/browse/BOOKKEEPER-938?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15401571#comment-15401571
]
ASF GitHub Bot commented on BOOKKEEPER-938:
-------------------------------------------
Github user sijie commented on the issue:
https://github.com/apache/bookkeeper/pull/52
@dlg99 thank you so much!
> LedgerOpenOp should use digestType from metadata
> ------------------------------------------------
>
> Key: BOOKKEEPER-938
> URL: https://issues.apache.org/jira/browse/BOOKKEEPER-938
> Project: Bookkeeper
> Issue Type: Bug
> Components: bookkeeper-client
> Affects Versions: 4.5.0
> Reporter: Andrey Yegorov
> Priority: Minor
> Fix For: 4.5.0
>
>
> Currently digestType verification in LedgerOpenOp seems to be treated as part
> of security logic. Since it is checked after password and error explicitly
> states that digestType mismatched, all that evil hacker has to do is to
> change digest type to another one. There are only two of them after all.
> here is the scenario significantly affected by current behavior:
> 1. user rolls out clients with digestType set to MAC and creates lots of
> ledgers.
> 2. user notices that MAC is slower than CRC32 and decides to change
> digestType.
> 3. more ledgers created with CRC32.
> 4. user tries to read old and new ledgers
> -> now old ledgers cannot be read because of the digest type mismatch.
> I'll send pull request for review.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
