提交 0e90faf5 authored 作者: mysinmyc's avatar mysinmyc

fix password disclosure when a connection is performed to an old server

上级 799d9a48
...@@ -95,7 +95,7 @@ public class ConnectionInfo implements Cloneable { ...@@ -95,7 +95,7 @@ public class ConnectionInfo implements Cloneable {
"IFEXISTS", "INIT", "PASSWORD", "RECOVER", "RECOVER_TEST", "IFEXISTS", "INIT", "PASSWORD", "RECOVER", "RECOVER_TEST",
"USER", "AUTO_SERVER", "AUTO_SERVER_PORT", "NO_UPGRADE", "USER", "AUTO_SERVER", "AUTO_SERVER_PORT", "NO_UPGRADE",
"AUTO_RECONNECT", "OPEN_NEW", "PAGE_SIZE", "PASSWORD_HASH", "JMX", "AUTO_RECONNECT", "OPEN_NEW", "PAGE_SIZE", "PASSWORD_HASH", "JMX",
"SCOPE_GENERATED_KEYS", "AUTHREALM", "_PASSWORD" }; "SCOPE_GENERATED_KEYS", "AUTHREALM", "AUTHZPWD" };
HashSet<String> set = new HashSet<>(128); HashSet<String> set = new HashSet<>(128);
set.addAll(SetTypes.getTypes()); set.addAll(SetTypes.getTypes());
for (String key : connectionTime) { for (String key : connectionTime) {
...@@ -276,7 +276,7 @@ public class ConnectionInfo implements Cloneable { ...@@ -276,7 +276,7 @@ public class ConnectionInfo implements Cloneable {
private void preservePasswordForAuthentication(Object password) { private void preservePasswordForAuthentication(Object password) {
if ((!isRemote() || isSSL()) && prop.containsKey("AUTHREALM") && password!=null) { if ((!isRemote() || isSSL()) && prop.containsKey("AUTHREALM") && password!=null) {
prop.put("_PASSWORD",password); prop.put("AUTHZPWD",password);
} }
} }
...@@ -666,6 +666,6 @@ public class ConnectionInfo implements Cloneable { ...@@ -666,6 +666,6 @@ public class ConnectionInfo implements Cloneable {
public void cleanAuthenticationInfo() { public void cleanAuthenticationInfo() {
removeProperty("AUTHREALM", false); removeProperty("AUTHREALM", false);
removeProperty("_PASSWORD", false); removeProperty("AUTHZPWD", false);
} }
} }
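Review bot: The key `"AUTHZPWD"` is a bare string literal at three sites in ConnectionInfo (the connection-time key array, `preservePasswordForAuthentication`, `cleanAuthenticationInfo`) and again in AuthenticationInfo, so a rename that misses one site would leave the cleartext password in `prop` with nothing removing it. A shared constant such as `static final String AUTH_PASSWORD_KEY = "AUTHZPWD";` (the name is only a suggestion) would keep put, get and remove in step. The rename also does not change that the password is stored as an ordinary entry of `prop` whenever `!isRemote() || isSSL()` holds, and the hunks do not show whether `prop` is later sent to the server. A comment on `preservePasswordForAuthentication` should therefore say why this key is handled safely by servers that predate it, and that `cleanAuthenticationInfo()` must run once authentication has finished. The class body continues outside all three hunks.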
...@@ -30,7 +30,7 @@ public class AuthenticationInfo { ...@@ -30,7 +30,7 @@ public class AuthenticationInfo {
if (this.realm!=null) { if (this.realm!=null) {
this.realm=StringUtils.toUpperEnglish(this.realm); this.realm=StringUtils.toUpperEnglish(this.realm);
} }
this.password = connectionInfo.getProperty("_PASSWORD", null); this.password = connectionInfo.getProperty("AUTHZPWD", null);
} }
public String getUserName() { public String getUserName() {
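Review bot: `this.password = connectionInfo.getProperty("AUTHZPWD", null);` copies the credential out of the connection properties, and the visible constructor lines leave the original entry in place, so two copies exist until something calls `cleanAuthenticationInfo()`. The constructor starts above the hunk and the rest of the class is not shown, so the clearing may already happen elsewhere. If it does, a comment on this line naming the responsible method would make the credential's lifetime reviewable, for example `// cleared together with the ConnectionInfo entry after authentication; never log or serialize`. If nothing clears it, calling `connectionInfo.cleanAuthenticationInfo()` once realm and password have been read is worth considering, provided no later code still needs `AUTHREALM` from the properties.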