cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vadim Chekan (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (CASSANDRA-6233) Authentication is broken for the protocol v1 on C* 2.0
Date Thu, 24 Oct 2013 20:24:03 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-6233?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13804627#comment-13804627
] 

Vadim Chekan edited comment on CASSANDRA-6233 at 10/24/13 8:23 PM:
-------------------------------------------------------------------

It seems authenticated login is not covered by any unit tests...
Would it be better to use apache's CaseInsensitiveMap?
http://commons.apache.org/proper/commons-collections/javadocs/api-release/org/apache/commons/collections4/map/CaseInsensitiveMap.html


was (Author: vchekan):
It seems authenticated login is not covered by any unit tests...

> Authentication is broken for the protocol v1 on C* 2.0
> ------------------------------------------------------
>
>                 Key: CASSANDRA-6233
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-6233
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Sylvain Lebresne
>            Assignee: Sylvain Lebresne
>             Fix For: 2.0.3
>
>         Attachments: 6233.txt
>
>
> CASSANDRA-5664 simplified the decoding method of CredentialsMessage by using CBUtil.readStringMap
(instead of duplicating the code). Unfortunately, that latter method turns his keys to uppercase
(to provide some form of case insensitivity for keys), and in the case of CredentialsMessage
this breaks PasswordAuthenticator that expect lowercased keys (besides, it's a bad idea to
mess up with the case of the credentials map in general).
> Making CBUtil.readStringMap uppercase keys was probably a bad idea in the first place
(as nothing in the method name imply this), so attaching patch that remove this (and uppercase
keys specifically in StartupMessage where that was done on purpose).



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message