Hola Christopher:
I think this change is not good, as it makes *all* passwords case
insensitive, regardless of whether a digest is used or not. I think plain
passwords need to be case sensitive.
Saludos ,
Ignacio J. Ortega
> -----Mensaje original-----
> De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Enviado el: viernes 7 de septiembre de 2001 20:52
> Para: [EMAIL PROTECTED]
> Asunto: cvs commit:
> jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm
> JDBCRealm.java JNDIRealm.java MemoryRealm.java
>
>
> ccain 01/09/07 11:51:36
>
> Modified: catalina/src/share/org/apache/catalina/realm
> JDBCRealm.java
> JNDIRealm.java MemoryRealm.java
> Log:
> Change comparison of hex digests (in authentication) to be
> case-insensitive, as base16 values themselves are case-insensitive.
>
> Revision Changes Path
> 1.18 +2 -2
> jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/real
> m/JDBCRealm.java
>
> Index: JDBCRealm.java
> ===================================================================
> RCS file:
> /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/cat
> alina/realm/JDBCRealm.java,v
> retrieving revision 1.17
> retrieving revision 1.18
> diff -u -r1.17 -r1.18
> --- JDBCRealm.java 2001/09/06 03:43:11 1.17
> +++ JDBCRealm.java 2001/09/07 18:51:36 1.18
> @@ -95,7 +95,7 @@
> * @author Craig R. McClanahan
> * @author Carson McDonald
> * @author Ignacio Ortega
> -* @version $Revision: 1.17 $ $Date: 2001/09/06 03:43:11 $
> +* @version $Revision: 1.18 $ $Date: 2001/09/07 18:51:36 $
> */
>
> public class JDBCRealm
> @@ -384,7 +384,7 @@
> }
>
> // Validate the user's credentials
> - if (digest(credentials).equals(dbCredentials)) {
> + if (digest(credentials).equalsIgnoreCase(dbCredentials)) {
> if (debug >= 2)
> log(sm.getString("jdbcRealm.authenticateSuccess",
> username));
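Review bot: The credential check on the changed line still uses a `String` comparison that returns at the first differing character, so its running time depends on how much of the stored value the presented one matches. The same applies to the changed comparisons in JNDIRealm.java (against `valueString`) and MemoryRealm.java (against `principal.getPassword()`). If both sides are hex digests at this point, which the log message implies but the hunk does not show, the check could normalise case and compare bytes without the early exit: `if (MessageDigest.isEqual(digest(credentials).toLowerCase(Locale.ENGLISH).getBytes(), dbCredentials.toLowerCase(Locale.ENGLISH).getBytes())) {`. The enclosing method starts and ends outside the hunk, so what `digest()` returns when no digest algorithm is configured cannot be confirmed from here.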
>
>
>
> 1.4 +2 -2
> jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/real
> m/JNDIRealm.java
>
> Index: JNDIRealm.java
> ===================================================================
> RCS file:
> /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/cat
> alina/realm/JNDIRealm.java,v
> retrieving revision 1.3
> retrieving revision 1.4
> diff -u -r1.3 -r1.4
> --- JNDIRealm.java 2001/09/06 03:43:11 1.3
> +++ JNDIRealm.java 2001/09/07 18:51:36 1.4
> @@ -144,7 +144,7 @@
> *
> * @author John Holman
> * @author Craig R. McClanahan
> - * @version $Revision: 1.3 $ $Date: 2001/09/06 03:43:11 $
> + * @version $Revision: 1.4 $ $Date: 2001/09/07 18:51:36 $
> */
>
> public class JNDIRealm extends RealmBase {
> @@ -750,7 +750,7 @@
> // Validate the credentials specified by the user
> if (debug >= 3)
> log(" validating credentials");
> - if (digest(credentials).equals(valueString)) {
> + if (digest(credentials).equalsIgnoreCase(valueString)) {
> if (debug >= 2)
> log(sm.getString("jndiRealm.authenticateSuccess",
> username));
>
>
>
> 1.8 +5 -5
> jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/real
> m/MemoryRealm.java
>
> Index: MemoryRealm.java
> ===================================================================
> RCS file:
> /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/cat
> alina/realm/MemoryRealm.java,v
> retrieving revision 1.7
> retrieving revision 1.8
> diff -u -r1.7 -r1.8
> --- MemoryRealm.java 2001/08/27 19:10:25 1.7
> +++ MemoryRealm.java 2001/09/07 18:51:36 1.8
> @@ -1,7 +1,7 @@
> /*
> - * $Header:
> /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/cat
> alina/realm/MemoryRealm.java,v 1.7 2001/08/27 19:10:25 craigmcc Exp $
> - * $Revision: 1.7 $
> - * $Date: 2001/08/27 19:10:25 $
> + * $Header:
> /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/cat
> alina/realm/MemoryRealm.java,v 1.8 2001/09/07 18:51:36 ccain Exp $
> + * $Revision: 1.8 $
> + * $Date: 2001/09/07 18:51:36 $
> *
> *
> ====================================================================
> *
> @@ -95,7 +95,7 @@
> * synchronization is performed around accesses to the
> principals collection.
> *
> * @author Craig R. McClanahan
> - * @version $Revision: 1.7 $ $Date: 2001/08/27 19:10:25 $
> + * @version $Revision: 1.8 $ $Date: 2001/09/07 18:51:36 $
> */
>
> public final class MemoryRealm
> @@ -205,7 +205,7 @@
> GenericPrincipal principal =
> (GenericPrincipal) principals.get(username);
> if ((principal != null) &&
> -
> (digest(credentials).equals(principal.getPassword()))) {
> +
> (digest(credentials).equalsIgnoreCase(principal.getPassword()))) {
> if (debug >= 2)
>
> log(sm.getString("memoryRealm.authenticateSuccess", username));
> return (principal);
>
>
>
>