[ https://issues.apache.org/jira/browse/ZOOKEEPER-2569?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15512106#comment-15512106 ]
Arshad Mohammad commented on ZOOKEEPER-2569:
--------------------------------------------

You mean, API should check whether user passed plain password or encrypted password and if it is plain password then it should not be accepted? I don't think we should be doing this kind of validation here.

> plain password is stored when set individual ACL using digest scheme
> --------------------------------------------------------------------
>
> Key: ZOOKEEPER-2569
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2569
> Project: ZooKeeper
> Issue Type: Bug
> Components: security
> Affects Versions: 3.5.1
> Reporter: Rakesh Kumar Singh
>
> Plain password is stored when set individual ACL using digest scheme instead
> of storing the username and encoded hash string of <username:password>
> [zk: localhost:2181(CONNECTED) 13] addauth digest user:pass
> [zk: localhost:2181(CONNECTED) 14] setAcl /newNode digest:user:pass:crdwa
> [zk: localhost:2181(CONNECTED) 15] getAcl /newNode
> 'digest,'user:pass
> : cdrwa
> [zk: localhost:2181(CONNECTED) 16]

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
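An added example, not part of this thread or of ZooKeeper's code: an audit helper that builds the id form the digest scheme expects, `username:Base64(SHA-1("username:password"))`, and flags digest ids in `getAcl` output that do not have that shape. The function names are hypothetical and the sample output is constructed to mirror the `getAcl` lines quoted in the report.

```python
import base64
import binascii
import hashlib


def generate_digest_id(user, password):
    """Build 'user:Base64(SHA-1("user:password"))' for use in a digest ACL."""
    raw = hashlib.sha1(f"{user}:{password}".encode("utf-8")).digest()
    return f"{user}:{base64.b64encode(raw).decode('ascii')}"


def looks_like_digest(acl_id):
    """Heuristic: the part after the first ':' must be Base64 of 20 bytes (SHA-1)."""
    _, sep, tail = acl_id.partition(":")
    if not sep:
        return False
    try:
        return len(base64.b64decode(tail, validate=True)) == 20
    except (binascii.Error, ValueError):
        return False


def audit_getacl(output):
    """Return digest-scheme ids from zkCli getAcl output that are not well-formed."""
    prefix = "'digest,'"
    suspicious = []
    for line in output.splitlines():
        line = line.strip()
        if line.startswith(prefix):
            acl_id = line[len(prefix):]
            if not looks_like_digest(acl_id):
                suspicious.append(acl_id)
    return suspicious


# Constructed sample: one entry as shown in the report, one correctly hashed.
SAMPLE_GETACL = "\n".join([
    "'digest,'user:pass",
    ": cdrwa",
    "'digest,'" + generate_digest_id("user", "pass"),
    ": cdrwa",
])

if __name__ == "__main__":
    for acl_id in audit_getacl(SAMPLE_GETACL):
        print("possible plaintext password in ACL:", acl_id)
```

The check is a shape test only: a plaintext password that happens to be 28 characters of valid Base64 decoding to 20 bytes would not be flagged.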