[JSPWIKI-21] Password hash is calculated using platform default encoding - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.4.104, 2.5.139-beta
Fix Version/s: 2.6.0
Component/s: Authentication & Authorization
Labels:
None

Description

AbstractUserDatabase.getHash():

 MessageDigest md = MessageDigest.getInstance( "SHA" );
 md.update( text.getBytes() );
 byte[] digestedBytes = md.digest();

Using text.getBytes() means that passwords outside of USASCII range are hashed with platforms default encoding. Which means that the userdatabase cannot be moved to another computer with a default different encoding.

Suggestion is to use UTF-8; that should be backwards compatible with the current case.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Janne Jalkanen

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 04/Nov/07 19:41

Updated:: 10/Sep/11 23:28

Resolved:: 18/Nov/07 12:57