accumulo-notifications mailing list archives

From "Christopher Tubbs (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ACCUMULO-2700) SecurityToken.authenticateSystemUser fails to properly validate system user
Date Fri, 18 Apr 2014 20:53:14 GMT
Christopher Tubbs created ACCUMULO-2700:
-------------------------------------------

             Summary: SecurityToken.authenticateSystemUser fails to properly validate system user
                 Key: ACCUMULO-2700
                 URL: https://issues.apache.org/jira/browse/ACCUMULO-2700
             Project: Accumulo
          Issue Type: Bug
            Reporter: Christopher Tubbs
            Assignee: Christopher Tubbs
            Priority: Blocker
             Fix For: 1.6.0


FindBugs found in the 1.6.0-SNAPSHOT branch that {{SecurityOperation.authenticateSystemUser(TCredentials
credentials)}} does an improper comparison (equals) between AuthenticationToken and byte array.

Additionally, upon visual inspection, it looks like the condition is not'd (missing a ! to
throw the exception when the credentials don't match).

The result appears to be that the system user is always authenticated, even if the credentials
don't match. I haven't checked 1.5 yet to see if the bug applies there also.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
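
The defect pattern described in the report above, next to a corrected form, as an added example that is not Accumulo's code and not part of the original message. The names DemoToken, SYSTEM_SECRET, authenticateBuggy and authenticateFixed are hypothetical, and the secret values are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Hypothetical stand-ins for illustration; none of these names are Accumulo's own code.
public class SystemUserCheckDemo {
    // Constructed token type that wraps a secret and inherits Object.equals().
    static final class DemoToken {
        private final byte[] secret;
        DemoToken(byte[] secret) { this.secret = secret.clone(); }
        byte[] secret() { return secret.clone(); }
    }

    // Constructed sample value standing in for the system credential.
    static final byte[] SYSTEM_SECRET =
        "constructed-system-secret".getBytes(StandardCharsets.UTF_8);

    // Flawed pattern: equals() between a token object and a byte[] is false
    // for every input, and the condition is not negated, so the exception
    // is never thrown and every caller passes.
    static void authenticateBuggy(DemoToken presented) {
        if (presented.equals(SYSTEM_SECRET)) {
            throw new SecurityException("system user credentials do not match");
        }
    }

    // Corrected pattern: compare bytes with bytes (constant-time) and
    // reject when they differ.
    static void authenticateFixed(DemoToken presented) {
        if (!MessageDigest.isEqual(presented.secret(), SYSTEM_SECRET)) {
            throw new SecurityException("system user credentials do not match");
        }
    }

    // Returns true when the check lets the caller through.
    static boolean accepted(Runnable check) {
        try { check.run(); return true; } catch (SecurityException e) { return false; }
    }

    public static void main(String[] args) {
        DemoToken good = new DemoToken(SYSTEM_SECRET);
        DemoToken bad = new DemoToken("wrong".getBytes(StandardCharsets.UTF_8));
        System.out.println("buggy, wrong secret accepted: " + accepted(() -> authenticateBuggy(bad)));
        System.out.println("fixed, wrong secret accepted: " + accepted(() -> authenticateFixed(bad)));
        System.out.println("fixed, right secret accepted: " + accepted(() -> authenticateFixed(good)));
    }
}
```

A regression test for this class of bug needs a negative case: a check that only exercises the correct credential passes against both versions.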
