incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Janne Jalkanen (JIRA)" <j...@apache.org>
Subject [jira] Created: (JSPWIKI-21) Password hash is calculated using platform default encoding
Date Sun, 04 Nov 2007 19:42:50 GMT
Password hash is calculated using platform default encoding
-----------------------------------------------------------

                 Key: JSPWIKI-21
                 URL: https://issues.apache.org/jira/browse/JSPWIKI-21
             Project: JSPWiki
          Issue Type: Bug
          Components: Security
    Affects Versions: 2.4.104, 2.5.139-beta
            Reporter: Janne Jalkanen


AbstractUserDatabase.getHash():

{code}
            MessageDigest md = MessageDigest.getInstance( "SHA" );
            md.update( text.getBytes() );
            byte[] digestedBytes = md.digest();
{code}

Using text.getBytes() means that passwords outside of USASCII range are hashed with platforms
default encoding.  Which means that the userdatabase cannot be moved to another computer with
a default different encoding.

Suggestion is to use UTF-8; that should be backwards compatible with the current case.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message