[Bug 55839] New: DataSourceRealm doesn't handle prefix on password digest

bugzilla Tue, 03 Dec 2013 08:30:47 -0800

https://issues.apache.org/bugzilla/show_bug.cgi?id=55839


            Bug ID: 55839
           Summary: DataSourceRealm doesn't handle prefix on password
                    digest
           Product: Tomcat 7
           Version: trunk
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: [email protected]
          Reporter: 897ty8723tgribvjhbvjh847rt3487rt4_dfvkjdbv23lkdm23klm@
                    megatno.com

Created attachment 31088
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=31088&action=edit
Entire class with additional check for prefix.

Similar to bug #37984 which provided a fix for JNDIRealm, DataSourceRealm
should also remove prefixes of the form {SHA}, {MD5}, etc before comparing the
digests.

The attached class(sorry - corporate firewall wouldn't allow me to create a
patch) is suitable for my own needs (where the prefix is provided in lower
case, so is compared case-insensitively), but I acknowledge that a fuller fix
may be more appropriate, e.g. providing a helper method for removing known
prefixes in RealmBase.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 55839] New: DataSourceRealm doesn't handle prefix on password digest

Reply via email to