You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Carsten Ziegeler (JIRA)" <ji...@apache.org> on 2017/07/04 15:20:00 UTC
[jira] [Updated] (FELIX-5661) The heuristic to derive the password
type from the metatype id does not work reliably
[ https://issues.apache.org/jira/browse/FELIX-5661?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carsten Ziegeler updated FELIX-5661:
------------------------------------
Fix Version/s: webconsole-4.3.6
> The heuristic to derive the password type from the metatype id does not work reliably
> -------------------------------------------------------------------------------------
>
> Key: FELIX-5661
> URL: https://issues.apache.org/jira/browse/FELIX-5661
> Project: Felix
> Issue Type: Bug
> Components: Web Console
> Affects Versions: webconsole-4.3.4
> Reporter: Konrad Windszus
> Fix For: webconsole-4.3.6
>
>
> With FELIX-3168 support for password meta type data has been added. Not only meta data with type="password" are detected as such but also string meta data containing "password" in the id (https://github.com/apache/felix/blame/trunk/webconsole/src/main/java/org/apache/felix/webconsole/internal/configuration/MetaTypeSupport.java#L183).
> This heuristic does not really work well. E.g. in Oak there is property with id="passwordHashAlgorithm" (type string) (https://github.com/apache/jackrabbit-oak/blob/2acda3156cfad9993310e7aa0492cdc0b65aa5f7/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java#L65) which should clearly not be detected as password type.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)