jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (JIRA)" <j...@apache.org>
Subject [jira] Created: (JCR-2527) Fix and simplify CryptedSimpleCredentials
Date Tue, 02 Mar 2010 15:36:27 GMT
Fix and simplify CryptedSimpleCredentials
-----------------------------------------

                 Key: JCR-2527
                 URL: https://issues.apache.org/jira/browse/JCR-2527
             Project: Jackrabbit Content Repository
          Issue Type: Bug
          Components: jackrabbit-core
    Affects Versions: 2.0.0
            Reporter: angela
            Assignee: angela
             Fix For: 2.0.1


the credentials retrieved from UserImpl and used to validate the simplecredentials passed
to the repository login is overly complex
and buggy as it tries to match all kind credentials variants with and without hashed password.
in particular it contains the following problems:
- simplecredentials containing the hashed pw are considered valid
- passwords startign with {something} cause inconsistencies and may even prevent the user
from login

it should be improved as follows:
- simplecredentials are always expected to contain the plain text password both for creation
and
  comparison with the cryptedsimplecredentials.
- creating cryptedsimplecredentials from uid/pw however is left unchanged: the specified pw
is
  hashed with the default algorithm if it turns out not to be in the hashed format.
- in addition the pw should also be hashed if it has the form {something}whatever but something
  is an invalid algorithm.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message