OPENDJ-1149 (CR-2334) Passwords should not be held in memory for the lifetime of a client connection
Note this change does not cater for:
- the bind operations where the password is used to authenticate. The password is held in memory for as long as it takes to complete the bind operation (and the OS flushing the network packets, etc.)
- REST operations where the web container (and the OS network stack) holds an HttpServletRequest object for as long as it takes to process the request.
AuthenticationInfo.java:
Removed simplePassword and saslCredentials fields + getters (never used) to ensure they are not held for the lifetime of an LDAP connection.
In a few methods, reversed conditions to ensure accessed variables are all directly put under a null check.
CollectClientConnectionsFilter.java:
Wiped out the password ASAP, even though this is a bit pointless since the password is held by the web container for the lifetime of a REST call, either in the headers or via HTTP basic authentication.
*.java:
Consequence of the changes to AuthenticationInfo ctors.
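As an added illustration of the pattern this change works towards (example code written for this note, not OpenDJ's own AuthenticationInfo or CollectClientConnectionsFilter): authenticate from a byte[] credential, zero that buffer as soon as the check has been made, and retain only the outcome of the bind for the lifetime of the connection. The class and method names below (ConnectionAuthInfo, UserStore, bind, verify) and the sample data are assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

/**
 * Hypothetical "authenticate, then forget the password" example.
 * Not OpenDJ code; names are invented for the illustration.
 */
public final class BindExample {

    /** What is retained per connection after a bind: identity and result only, no credential. */
    static final class ConnectionAuthInfo {
        private final String authenticationDn;
        private final boolean authenticated;

        ConnectionAuthInfo(String authenticationDn, boolean authenticated) {
            this.authenticationDn = authenticationDn;
            this.authenticated = authenticated;
        }

        String getAuthenticationDN() { return authenticationDn; }
        boolean isAuthenticated() { return authenticated; }
    }

    /** Stand-in for a password store: holds a SHA-256 digest, never the plaintext. */
    static final class UserStore {
        private final byte[] storedDigest;

        UserStore(byte[] storedDigest) { this.storedDigest = storedDigest; }

        boolean verify(byte[] password) {
            byte[] digest = sha256(password);
            try {
                return MessageDigest.isEqual(storedDigest, digest); // constant-time compare
            } finally {
                Arrays.fill(digest, (byte) 0); // the digest is derived from the secret, wipe it too
            }
        }
    }

    static byte[] sha256(byte[] input) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(input);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Performs the bind. The password buffer is needed only until verify()
     * returns; it is zeroed in the finally block whether the bind succeeds,
     * fails or throws, and the returned object never references it.
     */
    static ConnectionAuthInfo bind(UserStore store, String dn, byte[] password) {
        try {
            boolean ok = store.verify(password);
            return new ConnectionAuthInfo(ok ? dn : null, ok);
        } finally {
            Arrays.fill(password, (byte) 0); // wipe ASAP; a java.lang.String could not be wiped
        }
    }

    static boolean allZero(byte[] b) {
        for (byte x : b) {
            if (x != 0) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample data. In a real server the password arrives as bytes
        // from the network buffer; the String literals here exist only for the demo
        // and would themselves linger in the JVM string pool.
        byte[] secret = "correct horse".getBytes(StandardCharsets.UTF_8);
        UserStore store = new UserStore(sha256(secret));
        Arrays.fill(secret, (byte) 0);

        byte[] attempt = "correct horse".getBytes(StandardCharsets.UTF_8);
        ConnectionAuthInfo info = bind(store, "cn=Directory Manager", attempt);
        System.out.println("authenticated=" + info.isAuthenticated()
                + " dn=" + info.getAuthenticationDN()
                + " bufferWiped=" + allZero(attempt));

        byte[] wrong = "wrong".getBytes(StandardCharsets.UTF_8);
        ConnectionAuthInfo failed = bind(store, "cn=Directory Manager", wrong);
        System.out.println("authenticated=" + failed.isAuthenticated()
                + " bufferWiped=" + allZero(wrong));
    }
}
```

The example keeps the credential in a byte[] rather than a String because a String is immutable and stays in the heap until the garbage collector reclaims it, so it cannot be zeroed on demand. It also shows the limit noted above: wiping the caller's buffer only helps when no other holder (a web container's request object, the OS socket buffers) still has its own copy.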