You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by bhavik patel <bh...@gmail.com> on 2022/03/22 14:29:19 UTC
Review Request 73909: RANGER-3678 : Update password validation criteria
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73909/
-----------------------------------------------------------
Review request for ranger, Ankita Sinha, Dhaval Rajpara, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, Kirby Zhou, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-3678
https://issues.apache.org/jira/browse/RANGER-3678
Repository: ranger
Description
-------
Update password validation for "passwordchange" api and changepassword utility.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/common/StringUtil.java 8debc2403
security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java 9f86bf36a
Diff: https://reviews.apache.org/r/73909/diff/1/
Testing
-------
Verified on local VM's.
Thanks,
bhavik patel
Re: Review Request 73909: RANGER-3678 : Update password validation criteria
Posted by KirbY ZhoU <zh...@sensorsdata.cn>.
true == Character.isLetter('中')
false == Character.isUpperCase('中')
false == Character.isLowerCase('中')
false == Character.isTitleCase('中')
Practically speaking, I think the password characters should be limited to ISO-646 7-bit character set.
Otherwise, Can't guarantee that you can enter on all keyboards.
-------
I am Kirby Zhou.
I Can not reply on review board now, do not know what happens.
在 2022/3/23, 15:09,“bhavik patel”<noreply@reviews.apache.org 代表 bhavikpatel552@gmail.com> 写入:
> On March 23, 2022, 6:47 a.m., Kirby Zhou wrote:
> > security-admin/src/main/java/org/apache/ranger/common/StringUtil.java
> > Line 145 (original), 151 (patched)
> > <https://reviews.apache.org/r/73909/diff/1/?file=2266948#file2266948line151>
> >
> > hasAlpha is no more need
>
> bhavik patel wrote:
> Alpha is required, I have checked the definition for isLetter():
>
> "Not all letters have case. Many characters are letters but are neither uppercase nor lowercase nor titlecase."
>
> Kirby Zhou wrote:
> I think isLetter can't deduce (isUpper || isLower), but (isUpper || isLower) can deduce isLetter.
> So there is no need to check isLetter.
How it will check for special characters which are neither uppercase nor lowercase?
- bhavik
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73909/#review224197
-----------------------------------------------------------
On March 22, 2022, 2:29 p.m., bhavik patel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73909/
> -----------------------------------------------------------
>
> (Updated March 22, 2022, 2:29 p.m.)
>
>
> Review request for ranger, Ankita Sinha, Dhaval Rajpara, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, Kirby Zhou, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3678
> https://issues.apache.org/jira/browse/RANGER-3678
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Update password validation for "passwordchange" api and changepassword utility.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/common/StringUtil.java 8debc2403
> security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java 9f86bf36a
>
>
> Diff: https://reviews.apache.org/r/73909/diff/1/
>
>
> Testing
> -------
>
> Verified on local VM's.
>
>
> Thanks,
>
> bhavik patel
>
>
Re: Review Request 73909: RANGER-3678 : Update password validation criteria
Posted by bhavik patel <bh...@gmail.com>.
> On March 23, 2022, 6:47 a.m., Kirby Zhou wrote:
> > security-admin/src/main/java/org/apache/ranger/common/StringUtil.java
> > Line 145 (original), 151 (patched)
> > <https://reviews.apache.org/r/73909/diff/1/?file=2266948#file2266948line151>
> >
> > hasAlpha is no more need
>
> bhavik patel wrote:
> Alpha is required, I have checked the definition for isLetter():
>
> "Not all letters have case. Many characters are letters but are neither uppercase nor lowercase nor titlecase."
>
> Kirby Zhou wrote:
> I think isLetter can't deduce (isUpper || isLower), but (isUpper || isLower) can deduce isLetter.
> So there is no need to check isLetter.
How it will check for special characters which are neither uppercase nor lowercase?
- bhavik
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73909/#review224197
-----------------------------------------------------------
On March 22, 2022, 2:29 p.m., bhavik patel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73909/
> -----------------------------------------------------------
>
> (Updated March 22, 2022, 2:29 p.m.)
>
>
> Review request for ranger, Ankita Sinha, Dhaval Rajpara, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, Kirby Zhou, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3678
> https://issues.apache.org/jira/browse/RANGER-3678
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Update password validation for "passwordchange" api and changepassword utility.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/common/StringUtil.java 8debc2403
> security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java 9f86bf36a
>
>
> Diff: https://reviews.apache.org/r/73909/diff/1/
>
>
> Testing
> -------
>
> Verified on local VM's.
>
>
> Thanks,
>
> bhavik patel
>
>
Re: Review Request 73909: RANGER-3678 : Update password validation criteria
Posted by Kirby Zhou <ki...@gmail.com>.
> On 三月 23, 2022, 6:47 a.m., Kirby Zhou wrote:
> > security-admin/src/main/java/org/apache/ranger/common/StringUtil.java
> > Line 145 (original), 151 (patched)
> > <https://reviews.apache.org/r/73909/diff/1/?file=2266948#file2266948line151>
> >
> > hasAlpha is no more need
>
> bhavik patel wrote:
> Alpha is required, I have checked the definition for isLetter():
>
> "Not all letters have case. Many characters are letters but are neither uppercase nor lowercase nor titlecase."
I think isLetter can't deduce (isUpper || isLower), but (isUpper || isLower) can deduce isLetter.
So there is no need to check isLetter.
- Kirby
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73909/#review224197
-----------------------------------------------------------
On 三月 22, 2022, 2:29 p.m., bhavik patel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73909/
> -----------------------------------------------------------
>
> (Updated 三月 22, 2022, 2:29 p.m.)
>
>
> Review request for ranger, Ankita Sinha, Dhaval Rajpara, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, Kirby Zhou, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3678
> https://issues.apache.org/jira/browse/RANGER-3678
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Update password validation for "passwordchange" api and changepassword utility.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/common/StringUtil.java 8debc2403
> security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java 9f86bf36a
>
>
> Diff: https://reviews.apache.org/r/73909/diff/1/
>
>
> Testing
> -------
>
> Verified on local VM's.
>
>
> Thanks,
>
> bhavik patel
>
>
Re: Review Request 73909: RANGER-3678 : Update password validation criteria
Posted by bhavik patel <bh...@gmail.com>.
> On March 23, 2022, 6:47 a.m., Kirby Zhou wrote:
> > security-admin/src/main/java/org/apache/ranger/common/StringUtil.java
> > Line 145 (original), 151 (patched)
> > <https://reviews.apache.org/r/73909/diff/1/?file=2266948#file2266948line151>
> >
> > hasAlpha is no more need
Alpha is required, I have checked the definition for isLetter():
"Not all letters have case. Many characters are letters but are neither uppercase nor lowercase nor titlecase."
- bhavik
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73909/#review224197
-----------------------------------------------------------
On March 22, 2022, 2:29 p.m., bhavik patel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73909/
> -----------------------------------------------------------
>
> (Updated March 22, 2022, 2:29 p.m.)
>
>
> Review request for ranger, Ankita Sinha, Dhaval Rajpara, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, Kirby Zhou, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3678
> https://issues.apache.org/jira/browse/RANGER-3678
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Update password validation for "passwordchange" api and changepassword utility.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/common/StringUtil.java 8debc2403
> security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java 9f86bf36a
>
>
> Diff: https://reviews.apache.org/r/73909/diff/1/
>
>
> Testing
> -------
>
> Verified on local VM's.
>
>
> Thanks,
>
> bhavik patel
>
>
Re: Review Request 73909: RANGER-3678 : Update password validation criteria
Posted by Kirby Zhou <ki...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73909/#review224197
-----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/common/StringUtil.java
Line 145 (original), 151 (patched)
<https://reviews.apache.org/r/73909/#comment313095>
hasAlpha is no more need
- Kirby Zhou
On 三月 22, 2022, 2:29 p.m., bhavik patel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73909/
> -----------------------------------------------------------
>
> (Updated 三月 22, 2022, 2:29 p.m.)
>
>
> Review request for ranger, Ankita Sinha, Dhaval Rajpara, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, Kirby Zhou, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3678
> https://issues.apache.org/jira/browse/RANGER-3678
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Update password validation for "passwordchange" api and changepassword utility.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/common/StringUtil.java 8debc2403
> security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java 9f86bf36a
>
>
> Diff: https://reviews.apache.org/r/73909/diff/1/
>
>
> Testing
> -------
>
> Verified on local VM's.
>
>
> Thanks,
>
> bhavik patel
>
>
Re: Review Request 73909: RANGER-3678 : Update password validation criteria
Posted by Kirby Zhou <ki...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73909/#review224205
-----------------------------------------------------------
Ship it!
Ship It!
- Kirby Zhou
On 三月 24, 2022, 5:06 a.m., bhavik patel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73909/
> -----------------------------------------------------------
>
> (Updated 三月 24, 2022, 5:06 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Dhaval Rajpara, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, Kirby Zhou, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3678
> https://issues.apache.org/jira/browse/RANGER-3678
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Update password validation for "passwordchange" api and changepassword utility.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java a71dfb902
> security-admin/src/main/java/org/apache/ranger/common/StringUtil.java 8debc2403
> security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java 9f86bf36a
> security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 5273ad82d
>
>
> Diff: https://reviews.apache.org/r/73909/diff/2/
>
>
> Testing
> -------
>
> Verified on local VM's.
>
>
> Thanks,
>
> bhavik patel
>
>
Re: Review Request 73909: RANGER-3678 : Update password validation criteria
Posted by bhavik patel <bh...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73909/
-----------------------------------------------------------
(Updated March 24, 2022, 5:06 a.m.)
Review request for ranger, Ankita Sinha, Dhaval Rajpara, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, Kirby Zhou, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-3678
https://issues.apache.org/jira/browse/RANGER-3678
Repository: ranger
Description
-------
Update password validation for "passwordchange" api and changepassword utility.
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java a71dfb902
security-admin/src/main/java/org/apache/ranger/common/StringUtil.java 8debc2403
security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java 9f86bf36a
security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 5273ad82d
Diff: https://reviews.apache.org/r/73909/diff/2/
Changes: https://reviews.apache.org/r/73909/diff/1-2/
Testing
-------
Verified on local VM's.
Thanks,
bhavik patel
Re: Review Request 73909: RANGER-3678 : Update password validation criteria
Posted by Kirby Zhou <ki...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73909/#review224204
-----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
Line 263 (original), 263 (patched)
<https://reviews.apache.org/r/73909/#comment313100>
It should be a static compiled regex pattern
- Kirby Zhou
On 三月 22, 2022, 2:29 p.m., bhavik patel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73909/
> -----------------------------------------------------------
>
> (Updated 三月 22, 2022, 2:29 p.m.)
>
>
> Review request for ranger, Ankita Sinha, Dhaval Rajpara, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, Kirby Zhou, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3678
> https://issues.apache.org/jira/browse/RANGER-3678
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Update password validation for "passwordchange" api and changepassword utility.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/common/StringUtil.java 8debc2403
> security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java 9f86bf36a
>
>
> Diff: https://reviews.apache.org/r/73909/diff/1/
>
>
> Testing
> -------
>
> Verified on local VM's.
>
>
> Thanks,
>
> bhavik patel
>
>