[SER-94] Autologin cookie should be encoded with real encryption

Type: Improvement
Resolution: Fixed
Priority: Medium
Fix Version/s: 0.10
Affects Version/s: None
Labels:
None

Last commented by user?:
true

The autologin cookie currently isn't encrypted, which is rather alarming considering it contains the user name and password. Instead, it is XOR'ed with character offsets, which is insecure. The text, if we really need to put a user name and password in there, needs to be encrypted with a real encryption algorithm.

causes

SER-117 Seraph throws IllegalBlockSizeException when trying to read the cookie when a particular user visits JIRA

Closed

relates to

SER-29 Cookie login may not work under certain conditions.

RESOLVED

No work has yet been logged on this issue.

Assignee:: Don Brown (Inactive)

Reporter:: Don Brown (Inactive)

Participants:: Don Brown

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 14/Sep/2007 6:45 AM

Updated:: 09/May/2008 1:10 AM

Resolved:: 14/Sep/2007 6:53 AM

Last commented:: 17 years, 48 weeks ago

Estimated:

Remaining:

Logged:

Not Specified

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates

Time Tracking