http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9700

JNDIRealm authentication incorrectly succeeds with blank password





------- Additional Comments From [EMAIL PROTECTED]  2002-06-10 23:49 -------
I think I have a fix for this bug. There is a statement that I believe should 
be on line 719 in the authenticate() method in JNDIRealm.java that is the 
following,

if (username == null || credentials == null)

If you change it to the following, that seems to fix the problem.

if (username == null || credentials == null || (username != null && 
username.equals("")) || (credentials != null && credentials.equals("")))

As you can see, it already checks for a null user name or password. The fix 
that I have just checks for an empty string as well.

Can someone put this fix in for me? I'm new to using CVS. If there is a CVS 
command that I should use, please let me know. Thanks!

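An added example, not part of the comment above and not Tomcat's JNDIRealm source: it shows why the empty-string check matters when a realm authenticates by binding to the directory as the user. It assumes a directory that accepts a simple bind with an empty password as an unauthenticated bind (RFC 4513, section 5.1.2); the class, the method names and the sample entry are hypothetical and constructed for illustration.

```java
import java.util.Map;

// Added illustration, not Tomcat's JNDIRealm source; all names are hypothetical.
public class BlankPasswordGuard {

    // Constructed stand-in for a directory: DN -> password.
    static final Map<String, String> DIRECTORY =
            Map.of("uid=alice,ou=people,dc=example,dc=com", "s3cret");

    // Assumption: models a server that treats a simple bind with an empty
    // password as an unauthenticated bind (RFC 4513, section 5.1.2) and
    // reports success without verifying anything.
    static boolean simpleBind(String dn, String password) {
        if (password.isEmpty()) {
            return true;
        }
        return password.equals(DIRECTORY.get(dn));
    }

    static String toDn(String username) {
        return "uid=" + username + ",ou=people,dc=example,dc=com";
    }

    // Behaviour described in the report: only null values are rejected,
    // so an empty password reaches the bind and the bind succeeds.
    static boolean authenticateNullCheckOnly(String username, String credentials) {
        if (username == null || credentials == null) {
            return false;
        }
        return simpleBind(toDn(username), credentials);
    }

    // With the proposed check: empty strings are rejected before any bind.
    static boolean authenticateWithEmptyCheck(String username, String credentials) {
        if (username == null || credentials == null
                || username.equals("") || credentials.equals("")) {
            return false;
        }
        return simpleBind(toDn(username), credentials);
    }

    public static void main(String[] args) {
        System.out.println("null check only, blank password: "
                + authenticateNullCheckOnly("alice", ""));
        System.out.println("empty check, blank password:     "
                + authenticateWithEmptyCheck("alice", ""));
        System.out.println("empty check, correct password:   "
                + authenticateWithEmptyCheck("alice", "s3cret"));
    }
}
```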