jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (JIRA)" <j...@apache.org>
Subject [jira] Updated: (JCR-2527) Fix and simplify CryptedSimpleCredentials
Date Thu, 04 Mar 2010 09:10:32 GMT

     [ https://issues.apache.org/jira/browse/JCR-2527?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

angela updated JCR-2527:

    Fix Version/s:     (was: 2.0.1)

> Fix and simplify CryptedSimpleCredentials
> -----------------------------------------
>                 Key: JCR-2527
>                 URL: https://issues.apache.org/jira/browse/JCR-2527
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-core
>    Affects Versions: 2.0.0
>            Reporter: angela
>            Assignee: angela
>             Fix For: 2.1.0
> the credentials retrieved from UserImpl and used to validate the simplecredentials passed
to the repository login is overly complex
> and buggy as it tries to match all kind credentials variants with and without hashed
> in particular it contains the following problems:
> - simplecredentials containing the hashed pw are considered valid
> - passwords startign with {something} cause inconsistencies and may even prevent the
user from login
> it should be improved as follows:
> - simplecredentials are always expected to contain the plain text password both for creation
>   comparison with the cryptedsimplecredentials.
> - creating cryptedsimplecredentials from uid/pw however is left unchanged: the specified
pw is
>   hashed with the default algorithm if it turns out not to be in the hashed format.
> - in addition the pw should also be hashed if it has the form {something}whatever but
>   is an invalid algorithm.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message