Side effect in RFBServer >>encryptPassword:


Side effect in RFBServer >>encryptPassword:

Reza Razavi
Hi,

I just passed several hours tracking a bug, and finally figured out
that it's related to *RFBServer>>encryptPassword:* that *destroys* the
password string passed as argument (replaces all characters with $0).

Couldn't that code be now simply replaced by a call to *GRPlatform
current secureHashFor: password*? (That would also require adapting
#authenticateChallenge:response:)

Regards,
Reza

 

_______________________________________________
Magritte, Pier and Related Tools ...
https://www.iam.unibe.ch/mailman/listinfo/smallwiki

Re: Side effect in RFBServer >>encryptPassword:

Lukas Renggli
> I just passed several hours tracking a bug, and finally figured out that it's
> related to *RFBServer>>encryptPassword:* that *destroys* the password string
> passed as argument (replaces all characters with $0).

I guess that's a security measure.

> Couldn't that code be now simply replaced by a call to *GRPlatform current
> secureHashFor: password*? (That would also require adapting
> #authenticateChallenge:response:)

Yes, but RFB is highly dependent on Pharo, so it doesn't really make
sense to make it also depend on Grease.

Lukas

--
Lukas Renggli
www.lukas-renggli.ch

Re: Side effect in RFBServer >>encryptPassword:

Reza Razavi
At 13:36 17/04/2010, Lukas Renggli wrote:
>I guess that's a security measure.

Sure, but really tricky and uncommon, although extra easy to fix once
you know it.

>Yes, but RFB is highly dependent on Pharo, so it doesn't really make
>sense to make it also depend on Grease.

That's true. Maybe then we could simply add a comment somewhere.

Cheers,
Reza
