[jcifs] A bug in 1.2.17 ?
Asaf Mesika
asaf.mesika at gmail.com
Tue Feb 5 16:53:56 GMT 2008
Do you think this fix can be done for 1.2.18 ?
Thanks,
Asaf
WorkLight
On Nov 26, 2007 7:36 PM, Michael B Allen <miallen at ioplex.com> wrote:
> I don't know about that. I'll think about it.
>
> On Mon, 26 Nov 2007 19:15:28 +0200
> "Asaf Mesika" <asaf.mesika at gmail.com> wrote:
>
> > Ok, if so, do you think it can be changed to Arrays.Equals ? It will
> solve
> > the bug in my system, as I've described it.
> > I don't mind doing the fix my self, if you can point me to an
> instruction
> > manual (subversion address, guide lines , etc...)
> >
> >
> > On Nov 26, 2007 6:24 PM, Michael B Allen <miallen at ioplex.com> wrote:
> >
> > > On Mon, 26 Nov 2007 10:49:06 +0200
> > > "Asaf Mesika" <asaf.mesika at gmail.com> wrote:
> > >
> > > > The NtlmPasswordAuthentication object is passed between the two
> parts
> > > using
> > > > XStream, which means its converted to XML and back to an object.
> > > >
> > > > The XML method creates the situation in which the auth.challenge is
> not
> > > the
> > > > same object as session.transport.server.encryptionKey but *contains
> the
> > > same
> > > > content.*
> > > >
> > > > What do you think?
> > > >
> > > > Maybe you can give me some pointers to understand why there's need
> to
> > > check
> > > > it is the same object and not check the contents alone?
> > >
> > > We use a logical comparison only because that is all that is
> > > needed. Arrays.equals should work equally well I think. That whole
> check
> > > is only there to prevent the wrong challenge from accidentally being
> > > use which under normal circumstances should never happen anyway.
>
> --
> Michael B Allen
> PHP Active Directory SPNEGO SSO
> http://www.ioplex.com/
>
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the jcifs
mailing list