[jboss-jira] [JBoss JIRA] (JGRP-1100) ENCRYPT debug log prints "hex" output in ambiguous format
Bela Ban (Resolved) (JIRA)
jira-events at lists.jboss.org
Tue Oct 18 08:12:45 EDT 2011
[ https://issues.jboss.org/browse/JGRP-1100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bela Ban resolved JGRP-1100.
----------------------------
Fix Version/s: 2.4.10
Resolution: Done
OK, I removed formatArray() from ENCRYPT. IMO, it's bad to log the secret key anyway: someone could enable logging for ENCRYPT dynamically (e.g. probe.sh op=ENCRYPT.setLevel["debug"]) and would then know the secret shared key...
> ENCRYPT debug log prints "hex" output in ambiguous format
> ---------------------------------------------------------
>
> Key: JGRP-1100
> URL: https://issues.jboss.org/browse/JGRP-1100
> Project: JGroups
> Issue Type: Bug
> Affects Versions: 2.4.7
> Reporter: Dennis Reed
> Assignee: Dennis Reed
> Fix For: 2.4.10, 3.0
>
>
> ENCRYPT.formatArray doesn't convert a byte array straight to hex.
> It leaves off any leading 0 in a byte and appends ffffff in front of any negative byte.
> This prevents the original data from easily being reconstructed from the log for debugging purposes.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list