[evolvis-commits] r18355: clean out user_pw on upgrade

mirabilos at evolvis.org mirabilos at evolvis.org
Thu Apr 12 20:40:28 CEST 2012


Author: mirabilos
Date: 2012-04-12 20:40:28 +0200 (Thu, 12 Apr 2012)
New Revision: 18355

Added:
   trunk/gforge_base/evolvisforge-5.1/src/db/20120412-nuke-md5.sql
Modified:
   trunk/gforge_base/evolvisforge-5.1/src/deb-specific/db-upgrade.pl
Log:
clean out user_pw on upgrade

Added: trunk/gforge_base/evolvisforge-5.1/src/db/20120412-nuke-md5.sql
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/db/20120412-nuke-md5.sql	                        (rev 0)
+++ trunk/gforge_base/evolvisforge-5.1/src/db/20120412-nuke-md5.sql	2012-04-12 18:40:28 UTC (rev 18355)
@@ -0,0 +1,4 @@
+-- remove the stored MD5-hashed unsalted password for all users
+-- to avoid rainbow table attacks, should the DB ever be leaked
+
+UPDATE users SET user_pw='X';
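Review bot: The comment above the `UPDATE` does not say that the missing `WHERE` clause is deliberate or why `'X'` is a safe value, so a later reader cannot tell this from an accidental full-table write. I would add `-- intentionally no WHERE: every account is affected; 'X' can never equal an MD5 hex digest` directly before the statement. The statement only clears the live column: dumps and backups taken before the upgrade still hold the unsalted hashes, and depending on the database engine the old row versions may stay on disk until they are vacuumed, so the upgrade notes should cover purging or protecting those copies. The change presumably also relies on logins no longer being checked against `user_pw`, which this hunk does not show and is worth confirming before the script ships.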

Modified: trunk/gforge_base/evolvisforge-5.1/src/deb-specific/db-upgrade.pl
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/deb-specific/db-upgrade.pl	2012-04-12 18:40:24 UTC (rev 18354)
+++ trunk/gforge_base/evolvisforge-5.1/src/deb-specific/db-upgrade.pl	2012-04-12 18:40:28 UTC (rev 18355)
@@ -2508,6 +2508,7 @@
 
     &update_with_sql("20120321-add-news-in-activity_vw","5.1-12");
     &update_with_sql("20120329-pfo-rbac", "5.1-12+ev1");
+    &update_with_sql("20120412-nuke-md5", "5.1-12+ev2");
 
     ########################### INSERT HERE #################################
 


