remm        2002/06/11 08:32:28

  Modified:    catalina/src/share/org/apache/catalina/realm JNDIRealm.java
  Log:
  - Fix a security problem with the JNDI realm, where blank passwords could be
    used to authenticate.
  - As a result, blank passwords are not allowed with the JNDI realm anymore.
  - Bugzilla 9700.
  - The fix will be in 4.1.5.
  - Patch submitted by <jemiller at uchicago.edu>
    and John Holman <mailto:j.g.holman at qmul.ac.uk>
  
  Revision  Changes    Path
  1.8       +6 -5      jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
  
  Index: JNDIRealm.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- JNDIRealm.java    9 Jun 2002 02:19:43 -0000       1.7
  +++ JNDIRealm.java    11 Jun 2002 15:32:28 -0000      1.8
  @@ -716,7 +716,8 @@
                                                  String credentials)
           throws NamingException {
   
  -        if (username == null || credentials == null)
  +        if (username == null || username.equals("") 
  +            || credentials == null || credentials.equals(""))
               return (null);
   
           // Retrieve user information
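Review bot: The added empty-string tests in the `if` condition have no comment saying why they are there, and the `username.equals("")` test goes beyond the log message, which only mentions blank passwords. A short comment above the condition, stating that empty usernames and credentials are rejected because a blank password could otherwise authenticate (Bugzilla 9700), would keep a later cleanup from dropping the check as redundant. The first added line also ends with trailing whitespace after `username.equals("")`.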
  
  
  
