Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@www.apache.org Received: (qmail 41678 invoked from network); 20 Nov 2004 17:21:35 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 20 Nov 2004 17:21:35 -0000 Received: (qmail 10712 invoked by uid 500); 20 Nov 2004 17:21:29 -0000 Delivered-To: apmail-jakarta-tomcat-dev-archive@jakarta.apache.org Received: (qmail 10658 invoked by uid 500); 20 Nov 2004 17:21:28 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 10639 invoked by uid 99); 20 Nov 2004 17:21:28 -0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [192.87.106.226] (HELO ajax.apache.org) (192.87.106.226) by apache.org (qpsmtpd/0.28) with ESMTP; Sat, 20 Nov 2004 09:21:21 -0800 Received: from ajax.apache.org (ajax.apache.org [127.0.0.1]) by ajax.apache.org (8.12.11/8.12.11) with ESMTP id iAKHLILi031586 for ; Sat, 20 Nov 2004 18:21:18 +0100 Received: (from nobody@localhost) by ajax.apache.org (8.12.11/8.12.11/Submit) id iAKHLIYC031584; Sat, 20 Nov 2004 18:21:18 +0100 Date: Sat, 20 Nov 2004 18:21:18 +0100 Message-Id: <200411201721.iAKHLIYC031584@ajax.apache.org> From: bugzilla@apache.org To: tomcat-dev@jakarta.apache.org Subject: DO NOT REPLY [Bug 32137] - Random "401" responses for Digest - DigestAuthenticator thread un-safe use of MessageDigest X-Bugzilla-Reason: AssignedTo X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG� RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND� INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=32137 sam@redspr.com changed: What |Removed |Added ---------------------------------------------------------------------------- OS/Version| |All ------- Additional Comments From sam@redspr.com 2004-11-20 18:21 ------- As far as I can see DigestAuthenticator only ever wants a digested AND encoded String given a String. It might simplify the code to factor out the synchronize+digest+encode into another utility method in MD5Encoder that accepts single String parameter and returns an encoded MD5 digest String result. This method would synchronize on its MessageDigest. Addition to MD5Encoder could be something like: private static MessageDigest md5Helper; static { try { if (md5Helper == null) md5Helper = MessageDigest.getInstance("MD5"); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(); } } public String digestAndEncode(String p) { synchronized (md5Helper) { return encode(md5Helper.digest(p.getBytes())); } } Sorry for lack of a proper patch but Ive not got proper setup at moment. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org