Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Enhancement] Change the compare method for acl signature to improve the security. #8882

Closed
1 task done
dingshuangxi888 opened this issue Nov 1, 2024 · 0 comments · Fixed by #8883
Closed
1 task done

[Enhancement] Change the compare method for acl signature to improve the security. #8882

dingshuangxi888 opened this issue Nov 1, 2024 · 0 comments · Fixed by #8883
Labels
type/enhancement

Comments

@dingshuangxi888
Copy link
Contributor

Before Creating the Enhancement Request

  • I have confirmed that this should be classified as an enhancement rather than a bug/feature.

Summary

Change the compare method for acl signature to improve the security.

Motivation

Change the compare method for acl signature to improve the security.

Describe the Solution You'd Like

Use the MessageDigest.isEqual method instead of the StringUtils.equals method.

Describe Alternatives You've Considered

MessageDigest.isEqual is more secure in extreme scenarios.

Additional Context

No response
@dingshuangxi888 dingshuangxi888 mentioned this issue Nov 1, 2024
Merged
RongtongJin pushed a commit that referenced this issue Nov 7, 2024
@dingshuangxi888
[ISSUE #8882] Change the compare method for acl signature to improve …
8514734 
…the security. (#8883)

* Change the compare method for acl signature to improve the security.

* Change the compare method for acl signature to improve the security.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/enhancement
Projects
None yet
Milestone
No milestone
2 participants
@dingshuangxi888 @RongtongJin