[jboss-jira] [JBoss JIRA] (WFLY-8848) AUTH feature - plain tokes does case-insensitive comparison of shared secrets
Paul Ferraro (JIRA)
issues at jboss.org
Fri May 26 08:46:01 EDT 2017
[ https://issues.jboss.org/browse/WFLY-8848?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paul Ferraro moved JBEAP-11169 to WFLY-8848:
--------------------------------------------
Project: WildFly (was: JBoss Enterprise Application Platform)
Key: WFLY-8848 (was: JBEAP-11169)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Clustering
(was: Clustering)
Affects Version/s: No Release
(was: 7.1.0.DR18)
> AUTH feature - plain tokes does case-insensitive comparison of shared secrets
> -----------------------------------------------------------------------------
>
> Key: WFLY-8848
> URL: https://issues.jboss.org/browse/WFLY-8848
> Project: WildFly
> Issue Type: Bug
> Components: Clustering
> Affects Versions: No Release
> Reporter: Paul Ferraro
> Assignee: Paul Ferraro
>
> The same approach is used for a digest token (MD5 or SHA algorithm), where it is not a problem due to converting the shared secret to HEX prior doing case-insensitive compare. It is however a problem for a plain token.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list