Author: remy.maucherat(a)jboss.com Date: 2010-04-22 07:28:59 -0400 (Thu, 22 Apr 2010) New Revision: 1446 Modified: branches/2.1.x/java/org/apache/catalina/authenticator/BasicAuthenticator.java branches/2.1.x/java/org/apache/catalina/authenticator/DigestAuthenticator.java Log: - Info leak. Modified: branches/2.1.x/java/org/apache/catalina/authenticator/BasicAuthenticator.java =================================================================== --- branches/2.1.x/java/org/apache/catalina/authenticator/BasicAuthenticator.java 2010-04-22 11:28:40 UTC (rev 1445) +++ branches/2.1.x/java/org/apache/catalina/authenticator/BasicAuthenticator.java 2010-04-22 11:28:59 UTC (rev 1446) @@ -194,9 +194,7 @@ CharChunk authenticateCC = authenticate.getCharChunk(); authenticateCC.append("Basic realm=\""); if (config.getRealmName() == null) { - authenticateCC.append(request.getServerName()); - authenticateCC.append(':'); - authenticateCC.append(Integer.toString(request.getServerPort())); + authenticateCC.append("Realm"); } else { authenticateCC.append(config.getRealmName()); } Modified: branches/2.1.x/java/org/apache/catalina/authenticator/DigestAuthenticator.java =================================================================== --- branches/2.1.x/java/org/apache/catalina/authenticator/DigestAuthenticator.java 2010-04-22 11:28:40 UTC (rev 1445) +++ branches/2.1.x/java/org/apache/catalina/authenticator/DigestAuthenticator.java 2010-04-22 11:28:59 UTC (rev 1446) @@ -406,8 +406,7 @@ // Get the realm name String realmName = config.getRealmName(); if (realmName == null) - realmName = request.getServerName() + ":" - + request.getServerPort(); + realmName = "Realm"; byte[] buffer = null; synchronized (md5Helper) {