From: bugzilla@apache.org
To: dev@tomcat.apache.org
Subject: [Bug 55839] New: DataSourceRealm doesn't handle prefix on password digest
Date: Tue, 03 Dec 2013 16:30:00 +0000

https://issues.apache.org/bugzilla/show_bug.cgi?id=55839

            Bug ID: 55839
           Summary: DataSourceRealm doesn't handle prefix on password digest
           Product: Tomcat 7
           Version: trunk
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: 897ty8723tgribvjhbvjh847rt3487rt4_dfvkjdbv23lkdm23klm@megatno.com

Created attachment 31088
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=31088&action=edit
Entire class with additional check for prefix.

Similar to bug #37984 which provided a fix for JNDIRealm, DataSourceRealm
should also remove prefixes of the form {SHA}, {MD5}, etc. before comparing the
digests.

The attached class (sorry - corporate firewall wouldn't allow me to create a
patch) is suitable for my own needs (where the prefix is provided in lower
case, so is compared case-insensitively), but I acknowledge that a fuller fix
may be more appropriate, e.g. providing a helper method for removing known
prefixes in RealmBase.
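
A sketch of the kind of prefix-stripping helper the report suggests, as an added example that is neither the attached class nor Tomcat's code. The class and method names, the set of recognised labels, and the assumption that stored digests are hex-encoded are all hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;
import java.util.Set;

/** Hypothetical helper for illustration; not part of Tomcat's RealmBase. */
public final class DigestPrefixExample {

    // Assumed set of recognised labels; anything else is left untouched,
    // so an unexpected "{...}" value fails the comparison instead of being stripped.
    private static final Set<String> KNOWN_PREFIXES = Set.of("MD5", "SHA");

    /** Removes a leading {LABEL} if LABEL is known (case-insensitive). */
    static String stripKnownPrefix(String stored) {
        if (stored != null && stored.startsWith("{")) {
            int end = stored.indexOf('}');
            if (end > 1) {
                String label = stored.substring(1, end).toUpperCase(Locale.ROOT);
                if (KNOWN_PREFIXES.contains(label)) {
                    return stored.substring(end + 1);
                }
            }
        }
        return stored;
    }

    /** Hex-encoded digest of the password (assumed storage encoding). */
    static String hexDigest(String algorithm, String password)
            throws NoSuchAlgorithmException {
        byte[] d = MessageDigest.getInstance(algorithm)
                .digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder(d.length * 2);
        for (byte b : d) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    /** Compares the submitted password with a stored, optionally prefixed digest. */
    static boolean matches(String password, String stored, String algorithm)
            throws NoSuchAlgorithmException {
        if (stored == null) {
            return false;
        }
        String expected = stripKnownPrefix(stored).toLowerCase(Locale.ROOT);
        String actual = hexDigest(algorithm, password);
        // MessageDigest.isEqual avoids an early-exit string comparison.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                actual.getBytes(StandardCharsets.US_ASCII));
    }
}
```

A constructed stored value such as `"{sha}" + hexDigest("SHA-1", "secret")` matches the password `secret` under `"SHA-1"`, while the same digest behind an unrecognised label such as `{bogus}` does not.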