
Asterisk(*) matched when it is contained within username on WAS 7

 
amine spirit
Greenhorn
Posts: 1
Hello,

I have a web application deployed on WebSphere 7 and use form-based web authentication (j_security_check).

The problem is that when the username used for authentication contains asterisks (*), it will be matched.

For example, a user that has the following credentials "username/password" can be authenticated by "user*/password" and this can be a security flaw.
I can also connect to the WebSphere 7 administration console with admin* while the username is administrator.

I want to see if there is a special configuration on WebSphere 7 that disables asterisk matching on authentication.
Can anyone help me please?
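
One application-side mitigation for the behaviour described in the post above, as an added example that is not part of the original post or of WebSphere itself: a servlet filter that rejects a form login whose `j_username` contains an asterisk before the request reaches the user registry. It assumes the container invokes filters mapped to `/j_security_check` and that the registry may be LDAP-backed (the post does not say which registry is in use); the class name `WildcardLoginFilter` is hypothetical.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// Hypothetical class; map it in web.xml with <url-pattern>/j_security_check</url-pattern>.
public class WildcardLoginFilter implements Filter {

    // Asterisk plus the other characters that LDAP search filters treat
    // specially (RFC 4515): parentheses, backslash and NUL.
    private static final String FORBIDDEN = "*()\\\0";

    // Returns true only for a non-empty username with no forbidden character.
    static boolean isSafeUsername(String name) {
        if (name == null || name.length() == 0) {
            return false;
        }
        for (int i = 0; i < name.length(); i++) {
            if (FORBIDDEN.indexOf(name.charAt(i)) >= 0) {
                return false;
            }
        }
        return true;
    }

    public void init(FilterConfig config) {
        // No configuration needed.
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // j_username is the standard form-login field name.
        String user = req.getParameter("j_username");
        if (!isSafeUsername(user)) {
            // Stop here: the credentials are never handed to the registry.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        chain.doFilter(req, res);
    }

    public void destroy() {
        // Nothing to release.
    }
}
```

This covers only the application's own form login; it does not change how the administration console authenticates.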
 