accumulo-notifications mailing list archives

From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-2700) SecurityOperation.authenticateSystemUser fails to properly validate system user
Date Mon, 21 Apr 2014 20:06:17 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-2700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13975965#comment-13975965 ]

ASF subversion and git services commented on ACCUMULO-2700:
-----------------------------------------------------------

Commit d27509084ff45cef892c5735ee8fb559cd61dc0c in accumulo's branch refs/heads/1.6.0-SNAPSHOT
from [~ctubbsii]
[ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=d275090 ]

ACCUMULO-2700 Fix system credentials checks and add a test


> SecurityOperation.authenticateSystemUser fails to properly validate system user
> -------------------------------------------------------------------------------
>
>                 Key: ACCUMULO-2700
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-2700
>             Project: Accumulo
>          Issue Type: Bug
>            Reporter: Christopher Tubbs
>            Assignee: Christopher Tubbs
>            Priority: Blocker
>              Labels: 16_qa_bug
>             Fix For: 1.6.0
>
>
> FindBugs found in the 1.6.0-SNAPSHOT branch that {{SecurityOperation.authenticateSystemUser(TCredentials credentials)}} does an improper comparison (equals) between AuthenticationToken and byte array.
> Additionally, upon visual inspection, it looks like the condition is not'd (missing a ! to throw the exception when the credentials don't match).
> The result appears to be that the system user is always authenticated, even if the credentials don't match. I haven't checked 1.5 yet to see if the bug applies there also.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
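
The two defects described in the quoted report, shown side by side with a corrected check. This is an added Java illustration, not Accumulo's code and not the committed fix: every class and method name and the secret value are hypothetical or constructed, and the use of MessageDigest.isEqual for the byte comparison is a choice made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Added illustration; names are hypothetical, not taken from Accumulo.
public class SystemAuthCheckDemo {

    // Stand-in for an authentication token object that wraps secret bytes.
    static final class Token {
        private final byte[] secret;
        Token(byte[] secret) { this.secret = secret.clone(); }
        byte[] bytes() { return secret.clone(); }
    }

    // Constructed sample secret for the demo.
    static final Token SYSTEM_TOKEN =
        new Token("constructed-system-secret".getBytes(StandardCharsets.UTF_8));

    // Pattern from the report: equals() between a token object and a byte[]
    // can never be true, and the condition lacks the negation, so the
    // exception is never thrown and every caller is accepted.
    static void authenticateBroken(byte[] presented) {
        if (SYSTEM_TOKEN.equals(presented)) {
            throw new SecurityException("bad system credentials");
        }
    }

    // Corrected form: compare bytes with bytes and reject on mismatch.
    static void authenticateFixed(byte[] presented) {
        if (presented == null
                || !MessageDigest.isEqual(SYSTEM_TOKEN.bytes(), presented)) {
            throw new SecurityException("bad system credentials");
        }
    }

    // Regression-test helper: true if the check let the caller through.
    static boolean accepted(Runnable check) {
        try { check.run(); return true; } catch (SecurityException e) { return false; }
    }

    public static void main(String[] args) {
        byte[] good = "constructed-system-secret".getBytes(StandardCharsets.UTF_8);
        byte[] bad = "wrong".getBytes(StandardCharsets.UTF_8);
        System.out.println("broken, wrong secret: " + accepted(() -> authenticateBroken(bad)));
        System.out.println("fixed,  wrong secret: " + accepted(() -> authenticateFixed(bad)));
        System.out.println("fixed,  right secret: " + accepted(() -> authenticateFixed(good)));
    }
}
```

A negative test that presents wrong credentials and expects rejection is what catches this class of bug; a test that only presents valid credentials passes against both versions.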
