Date: Mon, 26 Jun 2017 15:58:00 +0000 (UTC)
From: "ASF GitHub Bot (JIRA)"
To: issues@geode.apache.org
Subject: [jira] [Commented] (GEODE-1958) Remove PasswordUtil

[ https://issues.apache.org/jira/browse/GEODE-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16063297#comment-16063297 ]

ASF GitHub Bot commented on GEODE-1958:
---------------------------------------

GitHub user YehEmily opened a pull request:

    https://github.com/apache/geode/pull/600

    GEODE-1958: Rolling back changes to decrypt method

    Earlier, I made changes to the `decrypt` method in `PasswordUtil` to allow it to decrypt any password, when it should only be decrypting passwords that are prefaced by `encrypt(`. This PR rolls back that change and fixes any issues that might have resulted.

    Thank you for submitting a contribution to Apache Geode.

    In order to streamline the review of the contribution we ask you
    to ensure the following steps have been taken:

    ### For all changes:
    - [ ] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?

    - [ ] Has your PR been rebased against the latest commit within the target branch (typically `develop`)?

    - [ ] Is your initial contribution a single, squashed commit?

    - [ ] Does `gradlew build` run cleanly?

    - [ ] Have you written or updated unit tests to verify your changes?

    - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?

    ### Note:
    Please ensure that once the PR is submitted, you check travis-ci for build issues and
    submit an update to your PR as soon as possible. If you need help, please send an
    email to dev@geode.apache.org.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/YehEmily/geode GEODE-1958-fix-decrypt

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/geode/pull/600.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #600

----

----

> Remove PasswordUtil
> --------------------
>
>                 Key: GEODE-1958
>                 URL: https://issues.apache.org/jira/browse/GEODE-1958
>             Project: Geode
>          Issue Type: Bug
>          Components: security
>            Reporter: Diane Hardman
>            Assignee: Emily Yeh
>            Priority: Minor
>
> PasswordUtil was used to encrypt a password to be stored in cache.xml. This was not secure since anyone could copy the "encrypted" string to another cache.xml to gain access. Therefore this utility was not particularly useful and should be removed.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
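
The weakness described in the issue text above, shown as an added example that is not part of the original message and is not Geode's `PasswordUtil` code. The class name, the built-in key, the AES-GCM cipher, the closing `)` and the pass-through of unwrapped values are all assumptions made for illustration. It shows that a wrapped value stays usable wherever it is pasted, because the key travels with the utility rather than with the host.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical stand-in for a config-password utility; not Geode's PasswordUtil.
public class ConfigPasswordDemo {
    // Assumption: the key is compiled into the utility, so every installation shares it.
    private static final byte[] BUILT_IN_KEY =
        "demo-fixed-key-1".getBytes(StandardCharsets.US_ASCII); // 16 bytes, constructed
    private static final String PREFIX = "encrypt(";
    private static final String SUFFIX = ")"; // assumed closing delimiter

    static String encrypt(String password) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(BUILT_IN_KEY, "AES"),
               new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(password.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length]; // layout: IV || ciphertext+tag
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return PREFIX + Base64.getEncoder().encodeToString(out) + SUFFIX;
    }

    // Only values wrapped in encrypt( ... ) are decrypted; anything else is returned as-is.
    static String decrypt(String value) throws Exception {
        if (value == null || !value.startsWith(PREFIX) || !value.endsWith(SUFFIX)) {
            return value;
        }
        byte[] in = Base64.getDecoder().decode(
            value.substring(PREFIX.length(), value.length() - SUFFIX.length()));
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(BUILT_IN_KEY, "AES"),
               new GCMParameterSpec(128, in, 0, 12));
        return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String inConfigA = encrypt("s3cret-constructed"); // value stored in one cache.xml
        String inConfigB = inConfigA;                     // same string pasted into another
        // The second configuration recovers the password with no extra secret.
        System.out.println(decrypt(inConfigB).equals("s3cret-constructed"));
        // A value without the wrapper is not run through the cipher.
        System.out.println(decrypt("plain-constructed").equals("plain-constructed"));
    }
}
```

The cipher here is a sound one used with a fresh IV, and the copied value still works: the string in the file is equivalent to the password for anyone who can read it, which is the reasoning the issue gives for removing the utility.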