jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (JIRA)" <j...@apache.org>
Subject [jira] Updated: (JCR-2527) Fix and simplify CryptedSimpleCredentials
Date Thu, 04 Mar 2010 09:10:32 GMT

     [ https://issues.apache.org/jira/browse/JCR-2527?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

angela updated JCR-2527:
------------------------

    Fix Version/s:     (was: 2.0.1)
                   2.1.0

> Fix and simplify CryptedSimpleCredentials
> -----------------------------------------
>
>                 Key: JCR-2527
>                 URL: https://issues.apache.org/jira/browse/JCR-2527
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-core
>    Affects Versions: 2.0.0
>            Reporter: angela
>            Assignee: angela
>             Fix For: 2.1.0
>
>
> the credentials retrieved from UserImpl and used to validate the simplecredentials passed
to the repository login is overly complex
> and buggy as it tries to match all kind credentials variants with and without hashed
password.
> in particular it contains the following problems:
> - simplecredentials containing the hashed pw are considered valid
> - passwords startign with {something} cause inconsistencies and may even prevent the
user from login
> it should be improved as follows:
> - simplecredentials are always expected to contain the plain text password both for creation
and
>   comparison with the cryptedsimplecredentials.
> - creating cryptedsimplecredentials from uid/pw however is left unchanged: the specified
pw is
>   hashed with the default algorithm if it turns out not to be in the hashed format.
> - in addition the pw should also be hashed if it has the form {something}whatever but
something
>   is an invalid algorithm.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message