[SER-94] Autologin cookie should be encoded with real encryption

Type: Improvement
Resolution: Fixed
Priority: Medium
Fix Version/s: 0.10
Affects Version/s: None
Labels:
None

Last commented by user?:
true

The autologin cookie currently isn't encrypted, which is rather alarming considering it contains the user name and password. Instead, it is XOR'ed with character offsets, which is insecure. The text, if we really need to put a user name and password in there, needs to be encrypted with a real encryption algorithm.

causes

SER-117 Seraph throws IllegalBlockSizeException when trying to read the cookie when a particular user visits JIRA

Closed

relates to

SER-29 Cookie login may not work under certain conditions.

RESOLVED

Jed Wesley-Smith (Inactive) made changes - 09/May/2008 1:10 AM

Fix Version/s		New: 0.10 [ 13214 ]
Affects Version/s	Original: 0.10 [ 13214 ]

Jed Wesley-Smith (Inactive) made changes - 09/May/2008 1:10 AM

Affects Version/s

New: 0.10 [ 13214 ]

Jed Wesley-Smith (Inactive) made changes - 09/May/2008 1:06 AM

Link

New: This issue causes ~~SER-117~~ [ ~~SER-117~~ ]

Samuel Le Berrigaud made changes - 23/Jan/2008 11:42 PM

Workflow

Original: jira [ 105628 ]

New: reviewflow [ 121205 ]

Matt Ryall made changes - 27/Nov/2007 12:08 AM

Link

New: This issue relates to ~~SER-29~~ [ ~~SER-29~~ ]

Don Brown (Inactive) made changes - 14/Sep/2007 6:53 AM

Assignee		New: Don Brown [ dbrown@atlassian.com ]
Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]

Don Brown (Inactive) created issue - 14/Sep/2007 6:45 AM

Assignee:: Don Brown (Inactive)

Reporter:: Don Brown (Inactive)

Participants:: Don Brown

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 14/Sep/2007 6:45 AM

Updated:: 09/May/2008 1:10 AM

Resolved:: 14/Sep/2007 6:53 AM

Last commented:: 17 years, 45 weeks, 1 day ago

Estimated:

Remaining:

Logged:

Not Specified

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates

Time Tracking