This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Websphere and the fly likes Asterisk(*) matched when it is contained within username on WAS 7 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Products » Websphere
Bookmark "Asterisk(*) matched when it is contained within username on WAS 7 " Watch "Asterisk(*) matched when it is contained within username on WAS 7 " New topic
Author

Asterisk(*) matched when it is contained within username on WAS 7

amine spirit
Greenhorn

Joined: Mar 24, 2012
Posts: 1
Hello,

I have a web application deployed on websphere 7 and use web authentication form (j_security_check).

The problem is that when the username used for authentication contains astersiks(*) it will be matched.

For example, a user that has the following credentials "username/password" can be authenticated by "user*/password" and this can be a security flaw.
I can also connect to the websphere 7 administration console with admin* while the username is administrator

I want to see if there is a special configuration on websphere 7 that disables asterisks matching on authencation.
Can anyone help me please?
 
Consider Paul's rocket mass heater.
 
subject: Asterisk(*) matched when it is contained within username on WAS 7
 
Similar Threads
Microsoft Sharepoint web services from java client
Accessing secure web pages with JTextPane
spring mvc authentication
authenticating website users with mysql dbase
Microsoft Sharepoint web service from Java client