tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 32137] - Random "401" responses for Digest - DigestAuthenticator thread un-safe use of MessageDigest
Date Sat, 20 Nov 2004 17:21:18 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=32137>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=32137


sam@redspr.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         OS/Version|                            |All




------- Additional Comments From sam@redspr.com  2004-11-20 18:21 -------
As far as I can see DigestAuthenticator only ever wants
a digested AND encoded String given a String.

It might simplify the code to factor out the synchronize+digest+encode
into another utility method in MD5Encoder that accepts a single
String parameter and returns an encoded MD5 digest String result.
This method would synchronize on its MessageDigest.

Addition to MD5Encoder could be something like:

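	// Imports needed by this addition:
	// import java.security.MessageDigest;
	// import java.security.NoSuchAlgorithmException;

	// Shared MD5 instance. MessageDigest is not thread-safe, so every use
	// of it must hold its monitor.
	private static MessageDigest md5Helper;

	static {
		try {
			// A static initializer runs once, so no null check is needed.
			md5Helper = MessageDigest.getInstance("MD5");
		} catch (NoSuchAlgorithmException e) {
			throw new IllegalStateException(e.getMessage());
		}
	}

	// Digests p and encodes the result as one synchronized step.
	public String digestAndEncode(String p) {
		synchronized (md5Helper) {
			// getBytes() uses the platform default charset.
			return encode(md5Helper.digest(p.getBytes()));
		}
	}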

Sorry for the lack of a proper patch, but I've not got a proper setup at the moment.




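The race behind the random 401 responses, and the effect of the synchronization proposed in the comment above, as an added example that is not part of the bug report or of Tomcat's code. The class name SharedDigestRace, the thread and iteration counts, and the sample input strings are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Function;

public class SharedDigestRace {
    // Runs 8 threads through `digest` and counts results that differ from a
    // reference value computed on a private, single-threaded MessageDigest.
    static int mismatches(Function<byte[], byte[]> digest) throws Exception {
        AtomicInteger bad = new AtomicInteger();
        ExecutorService pool = Executors.newFixedThreadPool(8);
        for (int t = 0; t < 8; t++) {
            // Constructed sample input in the username:realm:password shape.
            byte[] input = ("user" + t + ":example-realm:secret" + t).getBytes(StandardCharsets.UTF_8);
            byte[] expected = MessageDigest.getInstance("MD5").digest(input);
            pool.execute(() -> {
                for (int i = 0; i < 50_000; i++) {
                    try {
                        if (!Arrays.equals(expected, digest.apply(input))) bad.incrementAndGet();
                    } catch (RuntimeException e) { // corrupted shared state may also throw
                        bad.incrementAndGet();
                    }
                }
            });
        }
        pool.shutdown();
        pool.awaitTermination(1, TimeUnit.MINUTES);
        return bad.get();
    }

    public static void main(String[] args) throws Exception {
        // One instance shared by every thread, the pattern named in the bug title.
        MessageDigest shared = MessageDigest.getInstance("MD5");
        // Unsafe: concurrent digest() calls interleave on the shared internal state.
        int unsafe = mismatches(in -> shared.digest(in));
        // The comment's proposal: serialise digest() on the shared instance. A fresh
        // instance is used because the racy run may leave `shared` in a dirty state.
        MessageDigest guarded = MessageDigest.getInstance("MD5");
        int locked = mismatches(in -> {
            synchronized (guarded) {
                return guarded.digest(in);
            }
        });
        System.out.println("shared, unsynchronized: " + unsafe + " wrong digests");
        System.out.println("shared, synchronized:   " + locked + " wrong digests");
    }
}
```

The unsynchronized count varies from run to run and is typically non-zero on a multi-core machine; each wrong digest corresponds to a request whose computed digest would not match the client's, which the server reports as a 401.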