Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Browse files

Merge pull request #116 from wolfgangmm/develop

Ignore null password for user account
  • Loading branch information...
2 parents 0e3cc8c + 80d3135 commit 96cade2cc67cc88c5825af7ac0c62ede9acf91db @shabanovd shabanovd committed
Showing with 6 additions and 1 deletion.
  1. +6 −1 src/org/exist/security/
7 src/org/exist/security/
@@ -430,7 +430,12 @@ public boolean updateAccount(final Account account) throws PermissionDeniedExcep
- updatingAccount.setPassword(account.getPassword());
+ final String passwd = account.getPassword();
+ if (passwd != null) {
+ // if password is empty, ignore it to keep the old one
+ // assumes that empty passwords should never be allowed
@dizzzz Owner
dizzzz added a note

empty password = zero length string?

@shabanovd Owner

null here mean password was not set

@dizzzz Owner
dizzzz added a note

right but "if password is empty" means for me string("") ; my fault :-)

@shabanovd Owner

there several types of "emptiness" ... -)

@dizzzz Owner
dizzzz added a note

hmmmm it is a different between 'non-existent' and 'empty' no?

@shabanovd Owner

now you have to smile -)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
+ updatingAccount.setPassword(account.getPassword());
+ }
//update the metadata

1 comment on commit 96cade2


I think, that simply

1) null means do not change
2) empty string means an empty password
3) any other string means a non-empty password

Surely it does not need to be any more complicated?

Please sign in to comment.
Something went wrong with that request. Please try again.