Moved password hashing during registration to the client

author: Philipp Sehmisch <crush@themanaworld.org> 2009-12-04 22:16:26 +0100
committer: Philipp Sehmisch <crush@themanaworld.org> 2009-12-04 22:16:26 +0100
commit: 625d8282af5a4da4b6d5c9a31e542680acd5e7b3 (patch)
tree: accd2ed06790318b54bb88cc4e1290626429bf09
parent: 51fc0fa1fffda1da0a71f7248ca809bbc5b87620 (diff)
download: mana-625d8282af5a4da4b6d5c9a31e542680acd5e7b3.tar.gz
mana-625d8282af5a4da4b6d5c9a31e542680acd5e7b3.tar.bz2
mana-625d8282af5a4da4b6d5c9a31e542680acd5e7b3.tar.xz
mana-625d8282af5a4da4b6d5c9a31e542680acd5e7b3.zip
1 files changed, 2 insertions, 4 deletions
diff --git a/src/net/manaserv/loginhandler.cpp b/src/net/manaserv/loginhandler.cpp
index bd29d1d9..9abef806 100644
--- a/src/net/manaserv/loginhandler.cpp
+++ b/src/net/manaserv/loginhandler.cpp
@@ -421,10 +421,8 @@ void LoginHandler::registerAccount(LoginData *loginData)
 
     msg.writeInt32(0); // client version
     msg.writeString(loginData->username);
-    // When registering, the password and email hash is assumed by server.
-    // Hence, data can be validated safely server-side.
-    // This is the only time we send a clear password.
-    msg.writeString(loginData->password);
+    // Use a hashed password for privacy reasons
+    msg.writeString(sha256(loginData->username + loginData->password));
     msg.writeString(loginData->email);
     msg.writeString(loginData->captchaResponse);
author	Philipp Sehmisch <crush@themanaworld.org>	2009-12-04 22:16:26 +0100
committer	Philipp Sehmisch <crush@themanaworld.org>	2009-12-04 22:16:26 +0100
commit	625d8282af5a4da4b6d5c9a31e542680acd5e7b3 (patch)
tree	accd2ed06790318b54bb88cc4e1290626429bf09
parent	51fc0fa1fffda1da0a71f7248ca809bbc5b87620 (diff)
download	mana-625d8282af5a4da4b6d5c9a31e542680acd5e7b3.tar.gz mana-625d8282af5a4da4b6d5c9a31e542680acd5e7b3.tar.bz2 mana-625d8282af5a4da4b6d5c9a31e542680acd5e7b3.tar.xz mana-625d8282af5a4da4b6d5c9a31e542680acd5e7b3.zip