summaryrefslogtreecommitdiffstats
path: root/makelogincookiestable.sh
AgeCommit message (Collapse)AuthorFilesLines
1998-09-03Changed the way password validation works. We now keep aterry%netscape.com1-0/+40
crypt'd version of the password in the database, and check against that. (This is silly, because we're also keeping the plaintext version there, but I have plans...) Stop passing the plaintext password around as a cookie; instead, we have a cookie that references a record in a new database table, logincookies. IMPORTANT: if updating from an older version of Bugzilla, you must run the following commands to keep things working: ./makelogincookiestable.sh echo "alter table profiles add column cryptpassword varchar(64);" | mysql bugs echo "update profiles set cryptpassword = encrypt(password,substring(rand(),3, 4));" | mysql bugs