http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9700

JNDIRealm authentication incorrectly succeeds with blank password

[EMAIL PROTECTED] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|Major                       |Critical

------- Additional Comments From [EMAIL PROTECTED]  2002-06-11 08:43 -------
Thanks for reporting this - please would a committer fix it as soon as
possible. It's obviously a serious security problem for anyone using the new
JNDIRealm functionality (doesn't affect previous functionality).

    if (username == null || username.equals("") ||
        credentials == null || credentials.equals(""))

would be a bit simpler than the suggested patch.
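The guard suggested in the comment above, placed in front of a bind-style check, as an added example that is not Tomcat's JNDIRealm code or the patch from the bug report. It assumes the realm authenticates by binding to the directory and that the directory reports success for a simple bind with an empty password (an unauthenticated bind), which the page does not state; the `Directory` interface, `LenientDirectory`, both method names, the DN pattern and the sample account are hypothetical.

```java
import java.util.Map;

public class BlankPasswordGuardDemo {

    // Constructed stand-in for a directory server (hypothetical, not the JNDI API).
    interface Directory {
        boolean bind(String dn, String password);
    }

    // Assumption: mimics a server that treats an empty password as an
    // unauthenticated bind and reports success without checking any credential.
    static class LenientDirectory implements Directory {
        private final Map<String, String> passwords;
        LenientDirectory(Map<String, String> passwords) { this.passwords = passwords; }
        @Override
        public boolean bind(String dn, String password) {
            if (password == null || password.isEmpty()) {
                return true; // bind "succeeds" although nothing was verified
            }
            return password.equals(passwords.get(dn));
        }
    }

    // Behaviour described in the bug title: the bind result is trusted as-is.
    static boolean authenticateUnchecked(Directory dir, String username, String credentials) {
        return dir.bind("uid=" + username + ",ou=people,dc=example,dc=com", credentials);
    }

    // Guarded form: refuse blank input before the directory is contacted at all.
    static boolean authenticateGuarded(Directory dir, String username, String credentials) {
        if (username == null || username.equals("")
                || credentials == null || credentials.equals("")) {
            return false;
        }
        return authenticateUnchecked(dir, username, credentials);
    }

    public static void main(String[] args) {
        // Constructed sample account.
        Directory dir = new LenientDirectory(
                Map.of("uid=alice,ou=people,dc=example,dc=com", "s3cret"));
        System.out.println("unchecked, blank:  " + authenticateUnchecked(dir, "alice", ""));
        System.out.println("guarded, blank:    " + authenticateGuarded(dir, "alice", ""));
        System.out.println("guarded, correct:  " + authenticateGuarded(dir, "alice", "s3cret"));
        System.out.println("guarded, wrong:    " + authenticateGuarded(dir, "alice", "nope"));
    }
}
```

Putting the check ahead of the bind means a blank credential never reaches the directory, so the result does not depend on how a given server handles empty-password binds.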