[GitHub] [kafka] naanagon commented on pull request #11516: MINOR: Use MessageDigest equals when comparing signature
naanagon commented on PR #11516: URL: https://github.com/apache/kafka/pull/11516#issuecomment-1246533634 @divijvaidya Thank you for your suggestion. Noted. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [kafka] naanagon commented on pull request #11516: MINOR: Use MessageDigest equals when comparing signature
naanagon commented on pull request #11516:
URL: https://github.com/apache/kafka/pull/11516#issuecomment-976437161

> @showuon, thank you. @dajac, could you please take a look?

@showuon Can you merge the PR?
[GitHub] [kafka] naanagon commented on pull request #11516: MINOR: Use MessageDigest equals when comparing signature
naanagon commented on pull request #11516: URL: https://github.com/apache/kafka/pull/11516#issuecomment-975692771 @showuon, thank you.
[GitHub] [kafka] naanagon commented on pull request #11516: MINOR: Use MessageDigest equals when comparing signature
naanagon commented on pull request #11516:
URL: https://github.com/apache/kafka/pull/11516#issuecomment-975158641

> @naanagon, thanks for the PR. But I'm not sure if the change is necessary, because what we did for signature comparing is in the `isValid` method, and it's already compared in a time-constant way. Could you elaborate more on why you think this is necessary? Or point me to where in the code we did the `InternalRequestSignature#equals` and need time-constant comparing.
>
> Thank you.

@showuon, thanks for taking a look. The `isValid` method just compares the signature in a time-constant way. But the same should happen when comparing objects which have sensitive information. Even though `InternalRequestSignature#equals` isn't being used, I thought it should be implemented properly. The motivation for this PR is [DelegationToken.java](https://github.com/apache/kafka/blob/074a03cca162f91ccdecc12eb84c6a45af75f6bf/clients/src/main/java/org/apache/kafka/common/security/token/delegation/DelegationToken.java#L63)
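
The pattern discussed in the comment above, as an added example that is not code from the PR or from Kafka: a hypothetical `SignedPayload` value class whose `equals` compares its signature bytes with `MessageDigest.isEqual` rather than `Arrays.equals`. The class name, key and request body are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Objects;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical value class (not Kafka's InternalRequestSignature): holds an HMAC over a request body.
public final class SignedPayload {
    private final String algorithm;
    private final byte[] signature;

    public SignedPayload(String algorithm, byte[] signature) {
        this.algorithm = Objects.requireNonNull(algorithm);
        this.signature = signature.clone(); // defensive copy
    }

    // Early-exit form: Arrays.equals returns at the first differing byte,
    // so its running time depends on the length of the matching prefix.
    boolean equalsEarlyExit(SignedPayload other) {
        return algorithm.equals(other.algorithm) && Arrays.equals(signature, other.signature);
    }

    @Override
    public boolean equals(Object o) {
        if (this == o) return true;
        if (!(o instanceof SignedPayload)) return false;
        SignedPayload that = (SignedPayload) o;
        // The algorithm name is not secret. The signature bytes go through
        // MessageDigest.isEqual, which does not stop at the first mismatch.
        return algorithm.equals(that.algorithm) && MessageDigest.isEqual(signature, that.signature);
    }

    @Override
    public int hashCode() {
        return 31 * algorithm.hashCode() + Arrays.hashCode(signature);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key and request body, for illustration only.
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec("constructed-session-key".getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        byte[] expected = mac.doFinal("{\"task\":\"restart\"}".getBytes(StandardCharsets.UTF_8));
        byte[] forged = expected.clone();
        forged[forged.length - 1] ^= 0x01; // differs from the real signature only in the last byte
        SignedPayload good = new SignedPayload("HmacSHA256", expected);
        System.out.println("same signature equal:  " + good.equals(new SignedPayload("HmacSHA256", expected)));
        System.out.println("forged signature equal: " + good.equals(new SignedPayload("HmacSHA256", forged)));
    }
}
```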
[GitHub] [kafka] naanagon commented on pull request #11516: MINOR: Use MessageDigest equals when comparing signature
naanagon commented on pull request #11516: URL: https://github.com/apache/kafka/pull/11516#issuecomment-974844802 @kkonstantine Thanks for adding the label. Can you review the PR?
[GitHub] [kafka] naanagon commented on pull request #11516: MINOR: Use MessageDigest equals when comparing signature
naanagon commented on pull request #11516: URL: https://github.com/apache/kafka/pull/11516#issuecomment-974223299 Hi @dajac, @hachikuji and @showuon, please help to review the PR. Thanks.