org.hd.d.pg2k.svrCore.props
Class SimplepassProps

java.lang.Object
  extended by org.hd.d.pg2k.svrCore.props.SimplepassProps

public final class SimplepassProps
extends java.lang.Object

Encapsulates the simplepass password file. This cannot be serialised and can only be constructed from the file indicated by LocalProps.getSimplePassfile().


Field Summary
private static int SIMPLEPASS_FAILURE_PAUSE
          How long to wait (ms) on an unsuccessful lookup.
private static java.lang.String SIMPLEPASS_PREFIX
          The "simplepass" prefix, including the trailing dot.
private  java.util.Map<java.lang.String,java.lang.String> simplepassMap
          The immutable private map from author initials to plaintext password.
private static SimplepassProps singleton
          The current singleton SimplepassProps object, if any.
 long timestamp
          Timestamp of this properties set.
private static boolean USE_SIMPLEPASS
          If true, allow use of pg2k.upload.simplepass.XXX simple passwords.
 
Constructor Summary
private SimplepassProps(java.io.File pf)
          Construct a new, immutable, properties set.
 
Method Summary
 boolean authorUploadPasswordCorrect(java.lang.String auth, java.lang.String pass)
          Returns true if presented author upload password is correct.
private static SimplepassProps getSimplepassProps()
          Get the current SimplepassProps object, if any.
static boolean isAuthorUploadPasswordCorrect(java.lang.String auth, java.lang.String pass)
          Returns true if the quoted password is correct for the given author.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

singleton

private static SimplepassProps singleton
The current singleton SimplepassProps object, if any. This may be null if USE_SIMPLEPASS is false, if there is no simplepass value set in LocalProps, or if there is no file.


timestamp

public final long timestamp
Timestamp of this properties set.


USE_SIMPLEPASS

private static final boolean USE_SIMPLEPASS
If true, allow use of pg2k.upload.simplepass.XXX simple passwords. This is a primitive password system for author exhibit uploads.

In any case, these will only be used if a more advanced and safer password store is not available.

Note that these passwords are:

so should be considered generally unacceptable for normal use.

See Also:
Constant Field Values

SIMPLEPASS_PREFIX

private static final java.lang.String SIMPLEPASS_PREFIX
The "simplepass" prefix, including the trailing dot. This is followed by the author initials with the value being the password. The password value must meet constraints set elsewhere (in the code) such as maximum and minimum length.

See Also:
Constant Field Values

simplepassMap

private final java.util.Map<java.lang.String,java.lang.String> simplepassMap
The immutable private map from author initials to plaintext password. It is a shame that these will be floating around in the heap unprotected.

This map is threadsafe because it is read-only.

The map is String to String.

Will be null if USE_SIMPLEPASS is false.

We don't directly disclose passwords, just check if they are valid or not. We hold a lock on the password while checking a password, and if it is wrong we wait a while still holding the lock, to make dictionary attacks harder at the risk of making some denial of service attacks easier.


SIMPLEPASS_FAILURE_PAUSE

private static final int SIMPLEPASS_FAILURE_PAUSE
How long to wait (ms) on an unsuccessful lookup.

See Also:
Constant Field Values

Constructor Detail

SimplepassProps

private SimplepassProps(java.io.File pf)
                 throws java.io.IOException
Construct a new, immutable, properties set. The properties must be non-null and the timestamp must be non-negative.

Minor problems with the properties themselves will be silently ignored, and defaults substituted for broken or missing values.

This is only designed to be fetched by the factory method.

Parameters:
pf - is the passfile
Throws:
java.io.IOException

Method Detail

isAuthorUploadPasswordCorrect

public static final boolean isAuthorUploadPasswordCorrect(java.lang.String auth,
                                                          java.lang.String pass)
Returns true if the quoted password is correct for the given author. This can only return true if simplepass passwords are enabled and are set up correctly in LocalProps and in a simplepass file.

Will return false if either parameter is null or zero-length.

Parameters:
auth - the author initials; must be correct syntactically
pass - the password; must be of a valid length
Returns:
true if the quoted password is correct

getSimplepassProps

private static SimplepassProps getSimplepassProps()
Get the current SimplepassProps object, if any. This object normally exists as a singleton, being replaced only if the simplepass file changes and can be read.


authorUploadPasswordCorrect

public final boolean authorUploadPasswordCorrect(java.lang.String auth,
                                                 java.lang.String pass)
Returns true if presented author upload password is correct. The author name must be valid and the password non-null and non-zero-length to avoid trivial typo-related attacks.
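
The check described for simplepassMap and authorUploadPasswordCorrect (reject empty input, serialise lookups under a lock, pause on failure while still holding it) could look like the following. This is an added illustration, not code from the DHD Multimedia Gallery; the class name SimplepassSketch, the prefix string (inferred from the pg2k.upload.simplepass.XXX key pattern), the 2000 ms pause and the use of MessageDigest.isEqual are assumptions.

```java
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

/** Added sketch; all names and constant values here are hypothetical. */
public final class SimplepassSketch {
    private static final String PREFIX = "pg2k.upload.simplepass."; // assumed from the key pattern
    private static final int FAILURE_PAUSE_MS = 2000;               // assumed value
    private static final Object LOCK = new Object();
    private final Map<String, String> map;                          // read-only after construction

    SimplepassSketch(Properties p) {
        Map<String, String> m = new HashMap<>();
        for (String k : p.stringPropertyNames()) {
            // Keep only prefixed keys with non-empty initials and a non-empty password.
            if (k.startsWith(PREFIX) && k.length() > PREFIX.length() && !p.getProperty(k).isEmpty()) {
                m.put(k.substring(PREFIX.length()), p.getProperty(k));
            }
        }
        map = Collections.unmodifiableMap(m);
    }

    boolean authorUploadPasswordCorrect(String auth, String pass) throws InterruptedException {
        if (auth == null || pass == null || auth.isEmpty() || pass.isEmpty()) { return false; }
        synchronized (LOCK) { // one check at a time, so guesses are serialised
            String stored = map.get(auth);
            // Unknown authors are compared against a dummy so both paths do similar work;
            // isEqual's running time does not depend on where the first mismatch occurs.
            byte[] expected = (stored == null ? "\0" : stored).getBytes(StandardCharsets.UTF_8);
            boolean ok = MessageDigest.isEqual(expected, pass.getBytes(StandardCharsets.UTF_8))
                    && stored != null;
            // Pause while still holding the lock: slows guessing, but stalls other callers too.
            if (!ok) { Thread.sleep(FAILURE_PAUSE_MS); }
            return ok;
        }
    }

    public static void main(String[] args) throws Exception {
        Properties p = new Properties();
        // Constructed sample passfile content.
        p.load(new StringReader("pg2k.upload.simplepass.AB=s3cret-example\nunrelated.key=x\n"));
        SimplepassSketch s = new SimplepassSketch(p);
        long t0 = System.nanoTime();
        System.out.println("good: " + s.authorUploadPasswordCorrect("AB", "s3cret-example"));
        System.out.println("bad:  " + s.authorUploadPasswordCorrect("AB", "guess"));
        System.out.println("paused: " + ((System.nanoTime() - t0) / 1_000_000 >= FAILURE_PAUSE_MS));
    }
}
```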


DHD Multimedia Gallery V1.60.69

Copyright (c) 1996-2012, Damon Hart-Davis. All rights reserved.