aboutsummaryrefslogtreecommitdiffstats
path: root/relogin.cgi
diff options
context:
space:
mode:
authorterry%netscape.com <>1998-09-03 01:52:48 +0000
committerterry%netscape.com <>1998-09-03 01:52:48 +0000
commit968e9d7a88eeb91e635b88b7e5ae5b795e0b4225 (patch)
tree48fd47f41237d9436e4d066be67a869ca4769992 /relogin.cgi
parenta40c093d9249b8afcf14a4eccc02127d0bd18a08 (diff)
downloadbugs-968e9d7a88eeb91e635b88b7e5ae5b795e0b4225.tar
bugs-968e9d7a88eeb91e635b88b7e5ae5b795e0b4225.tar.gz
bugs-968e9d7a88eeb91e635b88b7e5ae5b795e0b4225.tar.bz2
bugs-968e9d7a88eeb91e635b88b7e5ae5b795e0b4225.tar.xz
bugs-968e9d7a88eeb91e635b88b7e5ae5b795e0b4225.zip
Changed the way password validation works. We now keep a
crypt'd version of the password in the database, and check against that. (This is silly, because we're also keeping the plaintext version there, but I have plans...) Stop passing the plaintext password around as a cookie; instead, we have a cookie that references a record in a new database table, logincookies. IMPORTANT: if updating from an older version of Bugzilla, you must run the following commands to keep things working: ./makelogincookiestable.sh echo "alter table profiles add column cryptpassword varchar(64);" | mysql bugs echo "update profiles set cryptpassword = encrypt(password,substring(rand(),3, 4));" | mysql bugs
Diffstat (limited to 'relogin.cgi')
-rwxr-xr-xrelogin.cgi1
1 files changed, 1 insertions, 0 deletions
diff --git a/relogin.cgi b/relogin.cgi
index e56949604..4bc1a394c 100755
--- a/relogin.cgi
+++ b/relogin.cgi
@@ -26,6 +26,7 @@ source CGI.tcl
puts "Set-Cookie: Bugzilla_login= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
+Set-Cookie: Bugzilla_logincookie= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
Set-Cookie: Bugzilla_password= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
Content-type: text/html