You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Madhan Neethiraj (JIRA)" <ji...@apache.org> on 2017/05/26 20:04:04 UTC
[jira] [Resolved] (RANGER-1618) PasswordUtil is not thread-safe
[ https://issues.apache.org/jira/browse/RANGER-1618?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Madhan Neethiraj resolved RANGER-1618.
--------------------------------------
Resolution: Fixed
Fix Version/s: 0.7.1
Committed to the following branches:
- master: http://git-wip-us.apache.org/repos/asf/ranger/commit/dffbad4a
- ranger-0.7: http://git-wip-us.apache.org/repos/asf/ranger/commit/4e1eb0e9
Thanks [~gzsombor].
> PasswordUtil is not thread-safe
> -------------------------------
>
> Key: RANGER-1618
> URL: https://issues.apache.org/jira/browse/RANGER-1618
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Affects Versions: master
> Reporter: Zsombor Gegesy
> Assignee: Zsombor Gegesy
> Labels: concurrency, security, thread-safety
> Fix For: 1.0.0, 0.7.1
>
> Attachments: 0001-RANGER-1618-Static-mutable-variables-are-a-way-to-in.patch
>
>
> As the PasswordUtil has a couple of static variables, which is modified during the encryptPassword/decyptPassword calls - there is a possibility that concurrent calls overwrites the values, resulting in a hard to debug errors.
> And it would be nice to add a couple of tests for this utility.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)