[JDEV] 0K Authentication
Iain Shigeoka
iainshigeoka at yahoo.com
Fri Oct 12 10:21:19 CDT 2001
At 09:48 PM 10/11/2001 -0700, you wrote:
>Ah!
>
>I finally got it working! You know what the problem was? Apparently the
>algorithm was fine, but your answer took out one issue that I didn't have
>to worry about... However, it triggered another issue that I never
>thought about...
>
>Hashing lowercase hex is all good.. But also I have to return the final
>hash result in lowercase back to the server... Apparently, the server will
>not lowercase it first before starting to apply the hash..
>
>I lowercased the final hash and sent it back to the server and it accepted it!
>
>So just curious, should the server side at least implement a function such
>that the returned hash should be case insensitive rather than case
>sensitive? (And probably mention this in the JEP too)... I think the
>server should accomodate this and lowercase the authentication hash
>received from the client before hashing..
>
>What do you think?
I would agree. Hex numbers are (should be) case insensitive. if the
server can't accept upper case hex numbers I think it is a server bug.
-iain
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
More information about the JDev
mailing list