diff options
| author | Philipp Sehmisch <crush@themanaworld.org> | 2009-12-04 22:16:26 +0100 |
|---|---|---|
| committer | Philipp Sehmisch <crush@themanaworld.org> | 2009-12-04 22:16:26 +0100 |
| commit | 625d8282af5a4da4b6d5c9a31e542680acd5e7b3 (patch) | |
| tree | accd2ed06790318b54bb88cc4e1290626429bf09 /src/net/manaserv | |
| parent | 51fc0fa1fffda1da0a71f7248ca809bbc5b87620 (diff) | |
| download | mana-client-625d8282af5a4da4b6d5c9a31e542680acd5e7b3.tar.gz mana-client-625d8282af5a4da4b6d5c9a31e542680acd5e7b3.tar.bz2 mana-client-625d8282af5a4da4b6d5c9a31e542680acd5e7b3.tar.xz mana-client-625d8282af5a4da4b6d5c9a31e542680acd5e7b3.zip | |
Moved password hashing during registration to the client
Diffstat (limited to 'src/net/manaserv')
| -rw-r--r-- | src/net/manaserv/loginhandler.cpp | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/src/net/manaserv/loginhandler.cpp b/src/net/manaserv/loginhandler.cpp index bd29d1d9..9abef806 100644 --- a/src/net/manaserv/loginhandler.cpp +++ b/src/net/manaserv/loginhandler.cpp @@ -421,10 +421,8 @@ void LoginHandler::registerAccount(LoginData *loginData) msg.writeInt32(0); // client version msg.writeString(loginData->username); - // When registering, the password and email hash is assumed by server. - // Hence, data can be validated safely server-side. - // This is the only time we send a clear password. - msg.writeString(loginData->password); + // Use a hashed password for privacy reasons + msg.writeString(sha256(loginData->username + loginData->password)); msg.writeString(loginData->email); msg.writeString(loginData->captchaResponse); |