Moti Asayag has submitted this change and it was merged. Change subject: utils: allow spaces within encrypted fields ...................................................................... utils: allow spaces within encrypted fields Ever since 3.0 (probably even before) the encryption of database fields that was used is invalid, it uses RSA to encrypt blobs instead of using ciphers within envelope. It also stores null and empty strings as plain, and to make it even better it trims spaces out of the input for some reason. To conclude security... if decryption fails it falls back to use the blob as plain text. This logic was untouched, under the hope that we slowly remove usages of it. AAA does not use it any more, we should remove all. For now, we remove the trim() as if the password of trim() actually works so far it will keep working, new passwords with leading/trailing spaces will be rejected. The risk is if for some reason we have " "* in database field it will be rejected as valid password, fixing it will be re-set password by user to empty one. Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1258867 Change-Id: I2ca15519ec245efd82e71f2ec39abd4ca1fe81c2 Signed-off-by: Alon Bar-Lev <alonbl@redhat.com> --- M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/crypt/EngineEncryptionUtils.java 1 file changed, 3 insertions(+), 3 deletions(-) Approvals: Alon Bar-Lev: Verified Tal Nisan: Looks good to me, but someone else must approve Jenkins CI: Passed CI tests Moti Asayag: Looks good to me, approved -- To view, visit https://gerrit.ovirt.org/45587 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I2ca15519ec245efd82e71f2ec39abd4ca1fe81c2 Gerrit-PatchSet: 2 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Alon Bar-Lev <alonbl@redhat.com> Gerrit-Reviewer: Allon Mureinik <amureini@redhat.com> Gerrit-Reviewer: Alon Bar-Lev <alonbl@redhat.com> Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Moti Asayag <masayag@redhat.com> Gerrit-Reviewer: Tal Nisan <tnisan@redhat.com> Gerrit-Reviewer: automation@ovirt.org