Asterisk(*) matched when it is contained within username on WAS 7

amine spirit
Greenhorn

Joined: Mar 24, 2012
Posts: 1
Hello,

I have a web application deployed on WebSphere 7 and use the web authentication form (j_security_check).

The problem is that when the username used for authentication contains asterisks (*), it will be matched.

For example, a user that has the following credentials "username/password" can be authenticated by "user*/password" and this can be a security flaw.
I can also connect to the WebSphere 7 administration console with admin* while the username is administrator.

I want to see if there is a special configuration on WebSphere 7 that disables asterisk matching on authentication.
Can anyone help me please?
 