![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
| author | schlatterbeck <schlatterbeck@57a73879-2fb5-44c3-a270-3262357dd7e2> | |
| Thu, 14 Apr 2011 12:24:59 +0000 (12:24 +0000) | ||
| committer | schlatterbeck <schlatterbeck@57a73879-2fb5-44c3-a270-3262357dd7e2> | |
| Thu, 14 Apr 2011 12:24:59 +0000 (12:24 +0000) | ||
| commit | dbc35d39450d413b1eb0aa2f9d4580dd0e34b2ac | |
| tree | eae15a0d87b71a45b8713524e48220ceb3afdb26 | tree | snapshot |
| parent | fb10034059c18670cc3ef68113ff1cac553139cb | commit | diff |
Fix first part of Password handling security issue2550688 (thanks
Joseph Myers for reporting and Eli Collins for fixing)
Small change against original patch: We still accept plaintext passwords
(in known_schemes) when parsing encrypted password (e.g. from database).
This way existing databases with plaintext passwords continue to work (I
don't know of any, this would need patching on the users side) and all
regression tests pass.
git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4589 57a73879-2fb5-44c3-a270-3262357dd7e2
Joseph Myers for reporting and Eli Collins for fixing)
Small change against original patch: We still accept plaintext passwords
(in known_schemes) when parsing encrypted password (e.g. from database).
This way existing databases with plaintext passwords continue to work (I
don't know of any, this would need patching on the users side) and all
regression tests pass.
git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4589 57a73879-2fb5-44c3-a270-3262357dd7e2