]> git.ipfire.org Git - thirdparty/bugzilla.git/commit
Changed the way password validation works. We now keep a
authorterry%netscape.com <>
Thu, 3 Sep 1998 01:52:48 +0000 (01:52 +0000)
committerterry%netscape.com <>
Thu, 3 Sep 1998 01:52:48 +0000 (01:52 +0000)
commit968e9d7a88eeb91e635b88b7e5ae5b795e0b4225
tree48fd47f41237d9436e4d066be67a869ca4769992
parenta40c093d9249b8afcf14a4eccc02127d0bd18a08
Changed the way password validation works.  We now keep a
crypt'd version of the password in the database, and check against
that.  (This is silly, because we're also keeping the plaintext
version there, but I have plans...)  Stop passing the plaintext
password around as a cookie; instead, we have a cookie that references
a record in a new database table, logincookies.

IMPORTANT: if updating from an older version of Bugzilla, you must run
the following commands to keep things working:

 ./makelogincookiestable.sh
 echo "alter table profiles add column cryptpassword varchar(64);" | mysql bugs
 echo "update profiles set cryptpassword = encrypt(password,substring(rand(),3, 4));" | mysql bugs
CGI.tcl
changepassword.cgi
globals.tcl
makelogincookiestable.sh [new file with mode: 0755]
makeprofilestable.sh
query.cgi
relogin.cgi