diff options
| author | mkanat%kerio.com <> | 2005-07-13 12:56:58 +0200 |
|---|---|---|
| committer | mkanat%kerio.com <> | 2005-07-13 12:56:58 +0200 |
| commit | f1923f8e85501143d0be63d872c726159440f6c1 (patch) | |
| tree | 0eee13f099d9f79f5072acaca60ded9293402e00 /Bugzilla/Auth.pm | |
| parent | 4b29000946fb102e2db7d8ac5c6c502c03387de1 (diff) | |
| download | bugzilla-f1923f8e85501143d0be63d872c726159440f6c1.tar.gz bugzilla-f1923f8e85501143d0be63d872c726159440f6c1.tar.xz | |
Bug 300336: Bugzilla::Auth should not contain any exported subroutines
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
Diffstat (limited to 'Bugzilla/Auth.pm')
| -rw-r--r-- | Bugzilla/Auth.pm | 49 |
1 files changed, 0 insertions, 49 deletions
diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm index 91a0abf83..887caf049 100644 --- a/Bugzilla/Auth.pm +++ b/Bugzilla/Auth.pm @@ -23,8 +23,6 @@ package Bugzilla::Auth; use strict; -use base qw(Exporter); -@Bugzilla::Auth::EXPORT = qw(bz_crypt); use Bugzilla::Config; use Bugzilla::Constants; @@ -44,31 +42,6 @@ BEGIN { } } -sub bz_crypt ($) { - my ($password) = @_; - - # The list of characters that can appear in a salt. Salts and hashes - # are both encoded as a sequence of characters from a set containing - # 64 characters, each one of which represents 6 bits of the salt/hash. - # The encoding is similar to BASE64, the difference being that the - # BASE64 plus sign (+) is replaced with a forward slash (/). - my @saltchars = (0..9, 'A'..'Z', 'a'..'z', '.', '/'); - - # Generate the salt. We use an 8 character (48 bit) salt for maximum - # security on systems whose crypt uses MD5. Systems with older - # versions of crypt will just use the first two characters of the salt. - my $salt = ''; - for ( my $i=0 ; $i < 8 ; ++$i ) { - $salt .= $saltchars[rand(64)]; - } - - # Crypt the password. - my $cryptedpassword = crypt($password, $salt); - - # Return the crypted password. - return $cryptedpassword; -} - # PRIVATE # A number of features, like password change requests, require the DB @@ -160,11 +133,6 @@ __END__ Bugzilla::Auth - Authentication handling for Bugzilla users -=head1 SYNOPSIS - - # Class Functions - $crypted = bz_crypt($password); - =head1 DESCRIPTION Handles authentication for Bugzilla users. @@ -184,23 +152,6 @@ authentication or login modules. =over 4 -=item C<bz_crypt($password)> - -Takes a string and returns a C<crypt>ed value for it, using a random salt. - -Please always use this function instead of the built-in perl "crypt" -when initially encrypting a password. - -=begin undocumented - -Random salts are generated because the alternative is usually -to use the first two characters of the password itself, and since -the salt appears in plaintext at the beginning of the encrypted -password string this has the effect of revealing the first two -characters of the password to anyone who views the encrypted version. - -=end undocumented - =item C<Bugzilla::Auth::get_netaddr($ipaddr)> Given an ip address, this returns the associated network address, using |