mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

Jean-Noel Rouvignac
19.04.2013 c682ab4e7b92b0fa0e40eda96acd48599b157c48
author Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Thursday, September 19, 2013 15:04 +0200
committer Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Thursday, September 19, 2013 15:04 +0200
commit c682ab4e7b92b0fa0e40eda96acd48599b157c48
tree b957f92a8c91f4772d9bb624f0869df63474fa7f
parent ace6782510d158afcea090c1f711595d09d01066
OPENDJ-1149 (CR-2334) Passwords should not be held in memory for the lifetime of a client connection

Note this change does not cater for:
- the bind operations where the password is used to authenticate. The password is held in memory for as long as it takes to complete the bind operation (and the OS flushing the network packets, etc.)
- REST operations where the web container (and the OS network stack) holds a HTTPServletRequest object for as long as it takes to process the request.

AuthenticationInfo.java:
Removed simplePassword and saslCredentials fields + getters (never used) to ensure they are not held for the lifetime of an LDAP connection.
In a few methods, reversed conditions to ensure accessed variables are all directly put under a null check.

CollectClientConnectionsFilter.java:
Wiped out the password ASAP, even though this is a bit pointless since the password is held by the web container for the lifetime of a REST call, either in the headers or via HTTP basic authentication.

*.java:
Consequence of the changes to AuthenticationInfo ctors.
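As an added illustration (not code from this commit or from OpenDJ), the pattern the commit message describes, in Java: the per-connection AuthenticationInfo keeps only the outcome of the bind, and the bind handler zeroes the password buffer as soon as verification finishes, whether or not the bind succeeds. The class, method and entry names are hypothetical, and the stored verifier is a constructed SHA-256 digest.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public final class PasswordLifetimeDemo {

    /** Per-connection state: holds the bind outcome only, never the password
     *  (the kind of fields this commit removed from OpenDJ's AuthenticationInfo). */
    static final class AuthenticationInfo {
        private final String authenticationDN;   // null when anonymous
        AuthenticationInfo(String authenticationDN) { this.authenticationDN = authenticationDN; }
        static AuthenticationInfo anonymous() { return new AuthenticationInfo(null); }
        boolean isAuthenticated() { return authenticationDN != null; }
        String getAuthenticationDN() { return authenticationDN; }
    }

    // Constructed verifier for the demo entry: SHA-256("abc"). A real server
    // would use a salted, iterated password storage scheme instead.
    private static final byte[] STORED_DIGEST = hexToBytes(
        "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad");

    /** Verifies the password and zeroes the caller's buffer before returning,
     *  so the secret lives in memory only for the duration of the bind. */
    static AuthenticationInfo simpleBind(String dn, byte[] password) throws Exception {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(password);
            boolean ok = MessageDigest.isEqual(digest, STORED_DIGEST); // constant-time compare
            Arrays.fill(digest, (byte) 0);
            return ok ? new AuthenticationInfo(dn) : AuthenticationInfo.anonymous();
        } finally {
            Arrays.fill(password, (byte) 0);   // runs on success, failure and exception
        }
    }

    private static byte[] hexToBytes(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Credentials are handled as a mutable byte[]; a String would be immutable and
        // un-wipeable, which is the web-container caveat the commit message notes.
        byte[] wire = "abc".getBytes(StandardCharsets.UTF_8);  // constructed client input
        AuthenticationInfo info = simpleBind("cn=demo user", wire);
        System.out.println("authenticated=" + info.isAuthenticated()
            + " dn=" + info.getAuthenticationDN()
            + " buffer after bind=" + Arrays.toString(wire));  // all zeros
    }
}
```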
7 files modified, 370 lines changed
opendj-sdk/opends/src/server/org/opends/server/extensions/CRAMMD5SASLMechanismHandler.java (7)
opendj-sdk/opends/src/server/org/opends/server/extensions/ExternalSASLMechanismHandler.java (20)
opendj-sdk/opends/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilter.java (43)
opendj-sdk/opends/src/server/org/opends/server/types/AuthenticationInfo.java (123)
opendj-sdk/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java (4)
opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/MockClientConnection.java (31)
opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/NetworkGroupTest.java (142)