[jboss-jira] [JBoss JIRA] (ELY-945) User names in Elytron FileSystemRealm are not case sensitive on Windows

David Lloyd (JIRA) issues at jboss.org
Mon Feb 13 15:56:00 EST 2017


    [ https://issues.jboss.org/browse/ELY-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13362828#comment-13362828 ] 

David Lloyd commented on ELY-945:
---------------------------------

Maybe user names in any realm should be case-insensitive (relative to the ROOT locale).  Having two users that only differ by case also seems like a potential security issue, and many existing systems (such as email and DNS) that use names as principals in various capacities are also case-insensitive.

> User names in Elytron FileSystemRealm are not case sensitive on Windows
> -----------------------------------------------------------------------
>
>                 Key: ELY-945
>                 URL: https://issues.jboss.org/browse/ELY-945
>             Project: WildFly Elytron
>          Issue Type: Bug
>            Reporter: Josef Cacek
>            Assignee: Darran Lofthouse
>            Priority: Blocker
>
> User names are case sensitive on Linux but not on Windows when using the Elytron {{FileSystemSecurityRealm}}.
> This is IMO a security issue. And it also affects platform certifications.
> If this is by any chance an expected behavior, then it has to be emphasized in documentation and in the domain model too (description of file-system-realm)



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
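
The suggestion in the comment above (compare user names case-insensitively relative to the ROOT locale, and treat names that differ only by case as a problem) can be checked against an existing identity list. The following is an added example, not code from Elytron or from this thread: the class and method names are hypothetical, the user names are constructed, and lower-casing with Locale.ROOT is assumed as the canonical form.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

// Hypothetical helper, not part of Elytron.
public class UserNameCollisions {

    // Canonical form: lower-case with Locale.ROOT so the result does not
    // depend on the default locale of the JVM the realm runs in.
    static String canonical(String name) {
        return name.toLowerCase(Locale.ROOT);
    }

    // Group names by canonical form and keep only the groups holding more
    // than one name, i.e. identities that collapse into one entry on a
    // case-insensitive file system or under case-insensitive lookup.
    static Map<String, List<String>> collisions(List<String> names) {
        Map<String, List<String>> groups = new LinkedHashMap<>();
        for (String name : names) {
            groups.computeIfAbsent(canonical(name), k -> new ArrayList<>()).add(name);
        }
        groups.values().removeIf(group -> group.size() < 2);
        return groups;
    }

    public static void main(String[] args) {
        // Constructed sample identities.
        List<String> names = Arrays.asList("admin", "Admin", "jdoe", "JDoe", "guest");
        collisions(names).forEach((key, group) ->
                System.out.println("collision on '" + key + "': " + group));

        // Why ROOT matters: under Turkish rules 'I' lower-cases to dotless
        // 'ı' (U+0131), so a locale-sensitive fold of "ADMIN" no longer
        // matches "admin", while the ROOT fold does.
        Locale turkish = Locale.forLanguageTag("tr-TR");
        System.out.println("tr-TR fold matches: "
                + "ADMIN".toLowerCase(turkish).equals("admin"));
        System.out.println("ROOT fold matches:  "
                + canonical("ADMIN").equals("admin"));
    }
}
```

Running the collision check before switching a realm to case-insensitive matching shows which existing identities would be merged by the change.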

