Important SECURITY FIX!

The UserDB Passwordcheck was buggy since 1138, any password allows access with the rights of 
the user!

USE SVN or disable all Users(take away all Rights)


git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@1246 6c8d7289-2bf4-0310-a012-ef5d649a1542
pull/1/head
allo 19 years ago
parent 0f1212feb9
commit 28f890ee3e

@ -238,9 +238,10 @@ public final class userDB {
}catch(IOException e){} }catch(IOException e){}
return null; return null;
} }
}
return entry; return entry;
} }
return null;
}
public Entry md5Auth(String user, String md5){ public Entry md5Auth(String user, String md5){
Entry entry=this.getEntry(user); Entry entry=this.getEntry(user);
if( entry != null && entry.getMD5EncodedUserPwd().equals(md5)){ if( entry != null && entry.getMD5EncodedUserPwd().equals(md5)){

Loading…
Cancel
Save