incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Janne Jalkanen (JIRA)" <>
Subject [jira] Created: (JSPWIKI-21) Password hash is calculated using platform default encoding
Date Sun, 04 Nov 2007 19:42:50 GMT
Password hash is calculated using platform default encoding

                 Key: JSPWIKI-21
             Project: JSPWiki
          Issue Type: Bug
          Components: Security
    Affects Versions: 2.4.104, 2.5.139-beta
            Reporter: Janne Jalkanen


            MessageDigest md = MessageDigest.getInstance( "SHA" );
            md.update( text.getBytes() );
            byte[] digestedBytes = md.digest();

Using text.getBytes() means that passwords outside of USASCII range are hashed with platforms
default encoding.  Which means that the userdatabase cannot be moved to another computer with
a default different encoding.

Suggestion is to use UTF-8; that should be backwards compatible with the current case.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message