ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Madhan Neethiraj (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (RANGER-1618) PasswordUtil is not thread-safe
Date Fri, 26 May 2017 20:04:04 GMT

     [ https://issues.apache.org/jira/browse/RANGER-1618?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Madhan Neethiraj resolved RANGER-1618.
--------------------------------------
       Resolution: Fixed
    Fix Version/s: 0.7.1

Committed to the following branches:
 - master: http://git-wip-us.apache.org/repos/asf/ranger/commit/dffbad4a
 - ranger-0.7: http://git-wip-us.apache.org/repos/asf/ranger/commit/4e1eb0e9

Thanks [~gzsombor].

> PasswordUtil is not thread-safe
> -------------------------------
>
>                 Key: RANGER-1618
>                 URL: https://issues.apache.org/jira/browse/RANGER-1618
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>    Affects Versions: master
>            Reporter: Zsombor Gegesy
>            Assignee: Zsombor Gegesy
>              Labels: concurrency, security, thread-safety
>             Fix For: 1.0.0, 0.7.1
>
>         Attachments: 0001-RANGER-1618-Static-mutable-variables-are-a-way-to-in.patch
>
>
> As the PasswordUtil has a couple of static variables, which is modified during the encryptPassword/decyptPassword
calls - there is a possibility that concurrent calls overwrites the values, resulting in a
hard to debug errors.
> And it would be nice to add a couple of tests for this utility.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message