authorterry%netscape.com <>1998-09-03 03:52:48 +0200
committerterry%netscape.com <>1998-09-03 03:52:48 +0200
commit968e9d7a88eeb91e635b88b7e5ae5b795e0b4225 (patch)
tree48fd47f41237d9436e4d066be67a869ca4769992 /makelogincookiestable.sh
parenta40c093d9249b8afcf14a4eccc02127d0bd18a08 (diff)
Changed the way password validation works. We now keep a
crypt'd version of the password in the database, and check against that. (This is silly, because we're also keeping the plaintext version there, but I have plans...) Stop passing the plaintext password around as a cookie; instead, we have a cookie that references a record in a new database table, logincookies.

IMPORTANT: if updating from an older version of Bugzilla, you must run the following commands to keep things working:

./makelogincookiestable.sh
echo "alter table profiles add column cryptpassword varchar(64);" | mysql bugs
echo "update profiles set cryptpassword = encrypt(password,substring(rand(),3, 4));" | mysql bugs
Diffstat (limited to 'makelogincookiestable.sh')
-rwxr-xr-xmakelogincookiestable.sh40
1 files changed, 40 insertions, 0 deletions
diff --git a/makelogincookiestable.sh b/makelogincookiestable.sh
new file mode 100755
index 000000000..be0c465b1
--- /dev/null
+++ b/makelogincookiestable.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# The contents of this file are subject to the Mozilla Public License
+# Version 1.0 (the "License"); you may not use this file except in
+# compliance with the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
+# License for the specific language governing rights and limitations
+# under the License.
+#
+# The Original Code is the Bugzilla Bug Tracking System.
+#
+# The Initial Developer of the Original Code is Netscape Communications
+# Corporation. Portions created by Netscape are Copyright (C) 1998
+# Netscape Communications Corporation. All Rights Reserved.
+#
+# Contributor(s): Terry Weissman <terry@mozilla.org>
+
+mysql bugs > /dev/null 2>/dev/null << OK_ALL_DONE
+
+drop table logincookies;
+OK_ALL_DONE
+
+mysql bugs << OK_ALL_DONE
+
+create table logincookies (
+ cookie mediumint not null auto_increment primary key,
+ userid mediumint not null,
+ cryptpassword varchar(64),
+ hostname varchar(128),
+ lastused timestamp,
+ index(lastused)
+);
+
+show columns from logincookies;
+show index from logincookies;
+
+OK_ALL_DONE
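Review bot: The `cookie mediumint not null auto_increment primary key` column makes the row identifier a small sequential integer, so if the browser cookie carries this id (the commit message says the cookie references a row in this table), the identifier itself is guessable and the session's strength rests entirely on whatever else is compared, presumably `cryptpassword` and `hostname`, which nothing in the script documents. Consider adding an unpredictable per-session column, for example `token char(32) not null` (column name is only a suggestion), filled by the application from a cryptographically secure random source and checked on every request, so that the session does not depend on a password-derived value. Separately, the first `mysql` call discards all output with `> /dev/null 2>/dev/null`, which hides connection and permission errors as well as the expected "unknown table" case; `drop table if exists logincookies;`, where the server supports it, would tolerate a missing table without silencing real failures. A short header comment should also state that rerunning the script drops the table and therefore invalidates every existing login session.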