[JBoss JIRA] (ELY-945) User names in Elytron FileSystemRealm are not case sensitive on Windows

Monday, 13 February 2017

    [
https://issues.jboss.org/browse/ELY-945?page=com.atlassian.jira.plugin.sy...
] 

David Lloyd commented on ELY-945:
---------------------------------

Maybe user names in any realm should be case-insensitive (relative to the ROOT locale). 
Having two users that only differ by case also seems like a potential security issue, and
many existing systems (such as email and DNS) that use names as principals in various
capacity are also case-insensitive.

...
 User names in Elytron FileSystemRealm are not case sensitive on
Windows
 -----------------------------------------------------------------------

                 Key: ELY-945
                 URL: https://issues.jboss.org/browse/ELY-945
             Project: WildFly Elytron
          Issue Type: Bug
            Reporter: Josef Cacek
            Assignee: Darran Lofthouse
            Priority: Blocker

 User names are case sensitive on Linux but not on Windows when using the Elytron
{{FileSystemSecurityRealm}}
 This is IMO a security issue. And it also affects platform certifications.
 If this is by any chance an expected behavior, then it has to be emphasized in
documentation and in the domain model too (description of file-system-realm) 

--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006