[jboss-jira] [JBoss JIRA] (WFLY-8848) AUTH feature - plain token does case-insensitive comparison of shared secrets
Paul Ferraro (JIRA)
issues at jboss.org
Fri May 26 08:47:00 EDT 2017
[ https://issues.jboss.org/browse/WFLY-8848?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paul Ferraro updated WFLY-8848:
-------------------------------
Summary: AUTH feature - plain token does case-insensitive comparison of shared secrets (was: AUTH feature - plain tokes does case-insensitive comparison of shared secrets)
> AUTH feature - plain token does case-insensitive comparison of shared secrets
> -----------------------------------------------------------------------------
>
> Key: WFLY-8848
> URL: https://issues.jboss.org/browse/WFLY-8848
> Project: WildFly
> Issue Type: Bug
> Components: Clustering
> Affects Versions: No Release
> Reporter: Paul Ferraro
> Assignee: Paul Ferraro
>
> The same approach is used for a digest token (MD5 or SHA algorithm), where it is not a problem due to converting the shared secret to HEX prior doing case-insensitive compare. It is however a problem for a plain token.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list