cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sylvain Lebresne (JIRA)" <>
Subject [jira] [Commented] (CASSANDRA-6233) Authentication is broken for the protocol v1 on C* 2.0
Date Sat, 26 Oct 2013 12:27:31 GMT


Sylvain Lebresne commented on CASSANDRA-6233:

I'm talking of the native protocol. cassandra-dtest uses CQL-over-thrift so there is no way
to reproduce this bug with it. To produce, you'd need to for example use the Datastax java
driver 1.0.4 against C* 2.0.1. The steps to reproduce are there:

> Authentication is broken for the protocol v1 on C* 2.0
> ------------------------------------------------------
>                 Key: CASSANDRA-6233
>                 URL:
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Sylvain Lebresne
>            Assignee: Sylvain Lebresne
>             Fix For: 2.0.3
>         Attachments: 6233.txt
> CASSANDRA-5664 simplified the decoding method of CredentialsMessage by using CBUtil.readStringMap
(instead of duplicating the code). Unfortunately, that latter method turns his keys to uppercase
(to provide some form of case insensitivity for keys), and in the case of CredentialsMessage
this breaks PasswordAuthenticator that expect lowercased keys (besides, it's a bad idea to
mess up with the case of the credentials map in general).
> Making CBUtil.readStringMap uppercase keys was probably a bad idea in the first place
(as nothing in the method name imply this), so attaching patch that remove this (and uppercase
keys specifically in StartupMessage where that was done on purpose).

This message was sent by Atlassian JIRA

View raw message