From 9cd36fcfdf2b67adfe23153c565c95580d40f396 Mon Sep 17 00:00:00 2001
From: Philipp Sehmisch <crush@themanaworld.org>
Date: Fri, 4 Dec 2009 22:16:58 +0100
Subject: Moved password hashing during registration to the client.

---
 src/account-server/accounthandler.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/account-server/accounthandler.cpp')

diff --git a/src/account-server/accounthandler.cpp b/src/account-server/accounthandler.cpp
index 9a3674db..73fffb49 100644
--- a/src/account-server/accounthandler.cpp
+++ b/src/account-server/accounthandler.cpp
@@ -382,10 +382,10 @@ void AccountHandler::handleRegisterMessage(AccountClient &client, MessageIn &msg
     {
         Account *acc = new Account;
         acc->setName(username);
-        // We set the password
-        // TODO: apply hashing here and during login
         acc->setPassword(password);
-        // We hash email server-side without using a salt.
+        // We hash email server-side for additional privacy
+        // we ask for it again when we need it and verify it
+        // through comparing it with the hash
         acc->setEmail(sha256(email));
         acc->setLevel(AL_PLAYER);
 
-- 
cgit v1.2.3-60-g2f50