I have a web application deployed on WebSphere 7 and use the web authentication form (j_security_check).
The problem is that when the username used for authentication contains asterisks (*), it will be matched.
For example, a user that has the following credentials "username/password" can be authenticated by "user*/password" and this can be a security flaw.
I can also connect to the WebSphere 7 administration console with admin* while the username is administrator.
I want to see if there is a special configuration on WebSphere 7 that disables asterisk matching on authentication.
Can anyone help me please?
subject: Asterisk(*) matched when it is contained within username on WAS 7