----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/13252/ -----------------------------------------------------------
(Updated Aug. 6, 2013, 9:45 p.m.) Review request for cloudstack and John Burwell. Changes ------- Incorporating review comments Bugs: https://issues.apache.org/jira/browse/CLOUDSTACK-2312 and https://issues.apache.org/jira/browse/CLOUDSTACK-2314 Repository: cloudstack-git Description ------- 1. Fix timing attack by using a constant-time comparison function 2. Increase salt size 3. Make flow for invalid user go through full normal execution using a fake password and salt Diffs (updated) ----- plugins/user-authenticators/sha256salted/src/com/cloud/server/auth/SHA256SaltedUserAuthenticator.java da939273ea10bff3b2687c9684edf8a5d0ab4b2e Diff: https://reviews.apache.org/r/13252/diff/ Testing ------- Local environment Thanks, Amogh Vasekar
