revert to insecure, but dau-proof defaults

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@3898 6c8d7289-2bf4-0310-a012-ef5d649a1542
18 years ago · 465145cb6f
parent 7ad11ceaaa
commit 465145cb6f
2 changed files with 1 additions and 1 deletions
--- a/source/de/anomic/http/httpd.java
+++ b/source/de/anomic/http/httpd.java
@ -303,6 +303,7 @@ public final class httpd implements serverHandler {
        //if (authorization.length() < 6) return 1; // no authentication information given
        //authorization = authorization.trim().substring(6);
        String adminAccountBase64MD5 = sw.getConfig(ADMIN_ACCOUNT_B64MD5, "");
+        if (adminAccountBase64MD5.length() == 0) return 2; // no passwrd stored
        if (adminAccountBase64MD5.equals(serverCodings.encodeMD5Hex(authorization))) return 4; // hard-authenticated, all ok
        return 0;
    }
--- a/source/de/anomic/plasma/plasmaSwitchboard.java
+++ b/source/de/anomic/plasma/plasmaSwitchboard.java
@ -2992,7 +2992,6 @@ public final class plasmaSwitchboard extends serverAbstractSwitch implements ser
        
        // authorization by encoded password, only for localhost access
        if ((((String) header.get("CLIENTIP", "")).equals("localhost")) && (adminAccountBase64MD5.equals(authorization))) return 3; // soft-authenticated for localhost
-        if ((((String) header.get("CLIENTIP", "")).equals("localhost")) && (adminAccountBase64MD5.equals(""))) return 2; // no password set, yet. only for localhost

        // authorization by hit in userDB
        if (userDB.hasAdminRight((String) header.get(httpHeader.AUTHORIZATION, "xxxxxx"), ((String) header.get("CLIENTIP", "")), header.getHeaderCookies())) return 4; //return, because 4=max