Good Morning Dave-

The earlier comment about using DBCS UTF-16 holds true for CJK, Hebrew, Arabic or any character set using 2 or more bytes to represent a 'character'. I think what Daniel is alluding to in this response is the ability for others to mask certain characters.
It sounds as if you might want to look at SSL
using private/public keys or certificates:
http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security6.html
This will enable
Authentication - verifying client credentials
Confidentiality - Avoiding man in the middle interception
Integrity - Avoiding man in the middle modification to the transmission

Keep us apprised,
Martin-
----- Original Message -----
From: "Dave" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <users@tomcat.apache.org>; <[EMAIL PROTECTED]>
Sent: Sunday, March 05, 2006 10:09 PM
Subject: RE: Form login UTF-8 username problem


Hi Daniel,

 I am not quite understanding. Is it a security hole?
 User needs a username and password to login to the web application.

 Thanks!
Daniel Blumenthal <[EMAIL PROTECTED]> wrote:
 As a security concern, you might not want to allow full UTF-8 usernames.
There are a number of invisible characters (from the soft hyphen to various
connector characters) which people can use to spoof other users' names.

Daniel


-----Original Message-----
From: Mark Thomas [mailto:[EMAIL PROTECTED]
Sent: Friday, March 03, 2006 1:50 PM
To: Tomcat Users List
Subject: Re: Form login UTF-8 username problem

Dave wrote:
> Web application using JBoss 4.0.3SP1 and servlets.
> I am using FORM authentication. Can username be UTF-8?
> I create an account, its username is in UTF-8 encoding,
> Chinese characters.
> But login was not successful. Can JBoss built-in
> authentication handle UTF-8 encoding for username?

This looks like
http://issues.apache.org/bugzilla/show_bug.cgi?id=31198

It is fixed in 5.5.7+

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
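
Daniel's point about invisible characters, as an added example (not code from the thread, Tomcat or JBoss): a username check for the account-creation path that rejects format, control and connector characters while still accepting CJK names, plus a normalized key for uniqueness checks. The class and method names, the decision to keep ASCII `_`, and the sample usernames are assumptions made for illustration.

```java
import java.text.Normalizer;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

public class UsernamePolicy {

    /** Returns the disallowed code points of a candidate username as U+XXXX strings. */
    static List<String> disallowed(String name) {
        List<String> bad = new ArrayList<>();
        name.codePoints().forEach(cp -> {
            int t = Character.getType(cp);
            boolean reject =
                   t == Character.FORMAT        // Cf: soft hyphen, zero-width chars, bidi controls
                || t == Character.CONTROL
                || t == Character.UNASSIGNED
                || t == Character.PRIVATE_USE
                || t == Character.SURROGATE     // unpaired surrogate
                || Character.isWhitespace(cp) || Character.isSpaceChar(cp)
                // Pc: connector punctuation; ASCII '_' is kept (policy assumption)
                || (t == Character.CONNECTOR_PUNCTUATION && cp != '_');
            if (reject) bad.add(String.format("U+%04X", cp));
        });
        return bad;
    }

    /** Key for uniqueness checks, so compatibility look-alikes map to one account name. */
    static String canonicalKey(String name) {
        return Normalizer.normalize(name, Normalizer.Form.NFKC).toLowerCase(Locale.ROOT);
    }

    public static void main(String[] args) {
        // Constructed sample usernames, not taken from the thread.
        String[] samples = {
            "admin",
            "ad\u00ADmin",        // soft hyphen inside "admin"
            "ad\u200Bmin",        // zero-width space
            "user\u203Fname",     // undertie, a connector character
            "\u7528\u6237\u540D", // Chinese username: accepted
            "\uFF21dmin"          // fullwidth 'A': visible, but its key equals "admin"
        };
        for (int i = 0; i < samples.length; i++) {
            List<String> bad = disallowed(samples[i]);
            System.out.printf("sample %d: key=%s -> %s%n", i, canonicalKey(samples[i]),
                    bad.isEmpty() ? "accept" : "reject " + bad);
        }
    }
}
```

The last sample passes the character check but produces the same key as `admin`, which is why the uniqueness lookup should compare `canonicalKey` values rather than raw strings.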




