[ https://issues.apache.org/jira/browse/KNOX-3101?focusedWorklogId=958966&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-958966 ]
ASF GitHub Bot logged work on KNOX-3101:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 26/Feb/25 14:25
            Start Date: 26/Feb/25 14:25
    Worklog Time Spent: 10m
      Work Description: lmccay merged PR #996:
URL: https://github.com/apache/knox/pull/996

Issue Time Tracking
-------------------

    Worklog Id:     (was: 958966)
    Time Spent: 20m  (was: 10m)

> Change RemoteAuthProvider to use a hash of the Key used for Caching
> -------------------------------------------------------------------
>
>                 Key: KNOX-3101
>                 URL: https://issues.apache.org/jira/browse/KNOX-3101
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>            Priority: Major
>             Fix For: 2.2.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> The initial implementation of RemoteAuthProvider caches authenticated
> Subjects locally based on the header that contained the credentials. While
> the cache is designed to provide only a few mins of caching, it is less than
> ideal to use the credentials as keys. This needs to be strengthened to use a
> hash as to not inadvertently risk leaking the credentials.
> This will require some overhead involved in the hashing so we may need to
> find something else but we shouldn't use the credentials themselves. We would
> normally have to do a hash for implementing authentication for things like
> RDMS or LDAP based passwords, etc.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)