You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jspwiki.apache.org by "Florian Holeczek (JIRA)" <ji...@apache.org> on 2011/09/11 01:29:09 UTC

[jira] [Closed] (JSPWIKI-21) Password hash is calculated using platform default encoding

     [ https://issues.apache.org/jira/browse/JSPWIKI-21?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Florian Holeczek closed JSPWIKI-21.
-----------------------------------


> Password hash is calculated using platform default encoding
> -----------------------------------------------------------
>
>                 Key: JSPWIKI-21
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-21
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Authentication&Authorization
>    Affects Versions: 2.4.104, 2.5.139-beta
>            Reporter: Janne Jalkanen
>             Fix For: 2.6.0
>
>
> AbstractUserDatabase.getHash():
> {code}
>  MessageDigest md = MessageDigest.getInstance( "SHA" );
>  md.update( text.getBytes() );
>  byte[] digestedBytes = md.digest();
> {code}
> Using text.getBytes() means that passwords outside of USASCII range are hashed with platforms default encoding.  Which means that the userdatabase cannot be moved to another computer with a default different encoding.
> Suggestion is to use UTF-8; that should be backwards compatible with the current case.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira