author | Philipp Sehmisch <crush@themanaworld.org> | 2009-12-04 22:20:13 +0100 |
---|---|---|
committer | Philipp Sehmisch <crush@themanaworld.org> | 2009-12-04 22:44:21 +0100 |
commit | 7bad1baf48b87a1068d7c78882f6e32b071421b9 (patch) | |
tree | 558a9c02031c4d7626c9d3422b0541e8a27ef207 /src | |
parent | 9cd36fcfdf2b67adfe23153c565c95580d40f396 (diff) | |
Added server-side SHA256 hashing of passwords as discussed.
Diffstat (limited to 'src')
-rw-r--r-- | src/account-server/accounthandler.cpp | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/src/account-server/accounthandler.cpp b/src/account-server/accounthandler.cpp
index 73fffb49..794cbd11 100644
--- a/src/account-server/accounthandler.cpp
+++ b/src/account-server/accounthandler.cpp
@@ -227,7 +227,7 @@ void AccountHandler::handleLoginMessage(AccountClient &client, MessageIn &msg)
 // Check if the account exists
 Account *acc = storage->getAccount(username);
- if (!acc || acc->getPassword() != password)
+ if (!acc || acc->getPassword() != sha256(password))
 {
 reply.writeByte(ERRMSG_INVALID_ARGUMENT);
 client.send(reply);
@@ -382,7 +382,7 @@ void AccountHandler::handleRegisterMessage(AccountClient &client, MessageIn &msg
 {
 Account *acc = new Account;
 acc->setName(username);
- acc->setPassword(password);
+ acc->setPassword(sha256(password));
 // We hash email server-side for additional privacy
 // we ask for it again when we need it and verify it
 // through comparing it with the hash
@@ -507,8 +507,8 @@ void AccountHandler::handleEmailChangeMessage(AccountClient &client, MessageIn &
 void AccountHandler::handlePasswordChangeMessage(AccountClient &client, MessageIn &msg)
 {
- std::string oldPassword = msg.readString();
- std::string newPassword = msg.readString();
+ std::string oldPassword = sha256(msg.readString());
+ std::string newPassword = sha256(msg.readString());
 MessageOut reply(APMSG_PASSWORD_CHANGE_RESPONSE);
@@ -517,10 +517,6 @@ void AccountHandler::handlePasswordChangeMessage(AccountClient &client, MessageI
 {
 reply.writeByte(ERRMSG_NO_LOGIN);
 }
- else if (newPassword.length() != SHA256_HASH_LENGTH)
- {
- reply.writeByte(ERRMSG_INVALID_ARGUMENT);
- }
 else if (stringFilter->findDoubleQuotes(newPassword))
 {
 reply.writeByte(ERRMSG_INVALID_ARGUMENT);
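Review bot: The new compare on the `+` line, `acc->getPassword() != sha256(password)`, only succeeds when the stored value is the SHA-256 digest of the plaintext the client just sent, so account rows written under the previous scheme (the `SHA256_HASH_LENGTH` check dropped in the last hunk suggests the client used to send a digest itself, though that is an inference) will stop authenticating unless those rows are migrated or the client is changed in lock-step, and the commit mentions neither. A comment at the compare would save the next reader the same archaeology, e.g. `// 'password' is the plaintext from the client; storage holds sha256(plaintext)`. `std::string::operator!=` also returns at the first differing byte; comparing two digests this way leaks little, but a fixed-time compare of the two hex strings costs nothing and removes the question. handleLoginMessage begins and ends outside the hunk.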
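Review bot: `acc->setPassword(sha256(password))` stores an unsalted, single-round SHA-256, so every account with the same password gets the same stored value and anyone holding a copy of the account table can attack all rows at once with a precomputed table; SHA-256 is a fast general-purpose hash, not a password hash. A per-account random salt stored with the digest, combined with a deliberately slow construction (a large iteration count, or a purpose-built KDF if the project can take the dependency), is the usual remedy; until then the limitation should at least be recorded next to the call, e.g. `// TODO: unsalted single-round SHA-256; add a per-account salt and a slow KDF before relying on this`. The commit message calls this "encryption", but the server cannot recover the password from the stored value, so "hashing" is the accurate term. handleRegisterMessage begins and ends outside the hunk.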
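Review bot: Hashing at read time, `std::string newPassword = sha256(msg.readString());`, means every later check in this function sees the hex digest instead of what the user typed: the `stringFilter->findDoubleQuotes(newPassword)` test kept in the next hunk can no longer fire on a hex string and is now dead, and with the `SHA256_HASH_LENGTH` test removed there is no visible minimum-length or emptiness check on the new password at all (the client may enforce one, but the server cannot rely on that). Read the raw strings first, validate them, and hash only what passes: `std::string rawNewPassword = msg.readString();`, then `else if (rawNewPassword.empty() || stringFilter->findDoubleQuotes(rawNewPassword))`, and `sha256(rawNewPassword)` only where the stored value is assigned. handlePasswordChangeMessage continues past the last hunk, so the line that stores the new hash is not visible here.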