geode-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <>
Subject [jira] [Commented] (GEODE-1958) Remove PasswordUtil
Date Mon, 26 Jun 2017 15:58:00 GMT


ASF GitHub Bot commented on GEODE-1958:

GitHub user YehEmily opened a pull request:

    GEODE-1958: Rolling back changes to decrypt method

    Earlier, I made changes to the `decrypt` method in `PasswordUtil` to allow it to decrypt
any password, when it should only be decrypting passwords that are prefaced by `encrypt(`.
This PR rolls back that change and fixes any issues that might have resulted.
    Thank you for submitting a contribution to Apache Geode.
    In order to streamline the review of the contribution we ask you
    to ensure the following steps have been taken:
    ### For all changes:
    - [ ] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?
    - [ ] Has your PR been rebased against the latest commit within the target branch (typically
    - [ ] Is your initial contribution a single, squashed commit?
    - [ ] Does `gradlew build` run cleanly?
    - [ ] Have you written or updated unit tests to verify your changes?
    - [ ] If adding new dependencies to the code, are these dependencies licensed in a way
that is compatible for inclusion under [ASF 2.0](
    ### Note:
    Please ensure that once the PR is submitted, you check travis-ci for build issues and
    submit an update to your PR as soon as possible. If you need help, please send an
    email to

You can merge this pull request into a Git repository by running:

    $ git pull GEODE-1958-fix-decrypt

Alternatively you can review and apply these changes as the patch at:

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #600


> Remove PasswordUtil 
> --------------------
>                 Key: GEODE-1958
>                 URL:
>             Project: Geode
>          Issue Type: Bug
>          Components: security
>            Reporter: Diane Hardman
>            Assignee: Emily Yeh
>            Priority: Minor
> PasswordUtil was used to encrypt a password to be stored in cache.xml. This was not secure
since anyone could copy the "encrypted" string to another cache.xml to gain access. Therefore
this utility was not particularly useful and should be removed.

This message was sent by Atlassian JIRA

View raw message