You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by John Holman <j....@qmul.ac.uk> on 2002/07/27 18:24:20 UTC
Patch for security problem
Bug 11210 (http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11210) is a
security problem which could have serious effects for people using
JNDIRealm with the Netscape/iPlanet JNDI LDAP provider
(com.netscape.jndi.ldap.LdapContextFactory). The default provider
(com.sun.jndi.ldap.LdapCtxFactory) works OK.
I believe the problem is due to a failure of the Netscape/iPlanet
provider to conform to the JNDI 1.2 specification - see the bugzilla
report for details. However, getting that fixed is likely to take a
while. The bug report includes a patch to JNDIRealm which avoids the
problem. Could someone please have a look at it and hopefully commit it?
(Remy has been committing my JNDIRealm patches but now that he's on
holiday/has left Sun I'm not sure how things stand).
Thanks, John
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>