jackrabbit-oak-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alexander Klimetschek (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (OAK-7692) [DirectBinaryAccess] Upload token HMAC signature must be base64 encoded
Date Wed, 08 Aug 2018 01:41:00 GMT

     [ https://issues.apache.org/jira/browse/OAK-7692?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Alexander Klimetschek updated OAK-7692:
---------------------------------------
    Description: 
The upload token's hmac signature (after the #) is not base64 encoded. This might create problems
for clients passing that string around if it can contain non-ascii characters.

Example:
{noformat}
ZDI4Zi1[...]jcuNzg3Wg==#i�_�\��?��S��,0:�
{noformat}
Code is [here|https://github.com/mattvryan/jackrabbit-oak/blob/trunk/oak-blob-plugins/src/main/java/org/apache/jackrabbit/oak/plugins/blob/datastore/directaccess/DataRecordUploadToken.java#L147-L148]

Should probably do a {{Base64.encode()}} of the {{hash}} result of the hmac for a string that
can be safely passed around.

  was:
The upload token's hmac signature (after the #) is not base64 encoded. This might create problems
for clients passing that string around if it can contain non-ascii characters.

Example:
{noformat}
ZDI4Zi1jYzVmLTk2M2EtNGVmMC1hMjEzLTdlYTJjM2MwYWJkYi0xNTMzNjkxNzA3Nzg0IzIwMTgtMDgtMDhUMDE6Mjg6MjcuNzg3Wg==#i�_�\��?��S��,0:�
{noformat}

Code is [here|https://github.com/mattvryan/jackrabbit-oak/blob/trunk/oak-blob-plugins/src/main/java/org/apache/jackrabbit/oak/plugins/blob/datastore/directaccess/DataRecordUploadToken.java#L147-L148]

Should probably do a {{Base64.encode()}} of the {{hash}} result of the hmac for a string that
can be safely passed around.


> [DirectBinaryAccess] Upload token HMAC signature must be base64 encoded
> -----------------------------------------------------------------------
>
>                 Key: OAK-7692
>                 URL: https://issues.apache.org/jira/browse/OAK-7692
>             Project: Jackrabbit Oak
>          Issue Type: Technical task
>          Components: blob-plugins
>            Reporter: Alexander Klimetschek
>            Priority: Major
>
> The upload token's hmac signature (after the #) is not base64 encoded. This might create
problems for clients passing that string around if it can contain non-ascii characters.
> Example:
> {noformat}
> ZDI4Zi1[...]jcuNzg3Wg==#i�_�\��?��S��,0:�
> {noformat}
> Code is [here|https://github.com/mattvryan/jackrabbit-oak/blob/trunk/oak-blob-plugins/src/main/java/org/apache/jackrabbit/oak/plugins/blob/datastore/directaccess/DataRecordUploadToken.java#L147-L148]
> Should probably do a {{Base64.encode()}} of the {{hash}} result of the hmac for a string
that can be safely passed around.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message