Fixed security hole. Send hashed password to the browser. JM-817

git-svn-id: http://svn.igniterealtime.org/svn/repos/wildfire/trunk@5143 b35dd754-fafc-0310-a699-88a17e54d16e

Fixed security hole. Send hashed password to the browser. JM-817
git-svn-id: http://svn.igniterealtime.org/svn/repos/wildfire/trunk@5143 b35dd754-fafc-0310-a699-88a17e54d16e
f3ba51ee · Gaston Dombiak · gato · dfd5005b · f3ba51ee
Commit f3ba51ee authored Aug 31, 2006 by Gaston Dombiak Committed by gato Aug 31, 2006
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 2 deletions

system-email.jsp src/web/system-email.jsp +14 -2

No files found.
--- a/src/web/system-email.jsp
+++ b/src/web/system-email.jsp
@@ -49,7 +49,19 @@
            service.setPort(25);
        }
        service.setUsername(username);
-        service.setPassword(password);
+        // Get hash values of existing password and new one
+        String existingHashPassword = "";
+        String newHashPassword = "";
+        if (service.getPassword() != null) {
+            existingHashPassword = StringUtils.hash(service.getPassword());
+        }
+        if (password != null) {
+            newHashPassword = StringUtils.hash(password);
+        }
+        // Change password if hash values are different
+        if (!existingHashPassword.equals(newHashPassword)) {
+            service.setPassword(password);
+        }
        service.setDebugEnabled(debug);
        service.setSSLEnabled(ssl);
@@ -176,7 +188,7 @@
        	<fmt:message key="system.email.server_password" />:            
        </td>
        <td width="1%" nowrap>
-            <input type="password" name="server_password" value="<%= (password != null) ? password : "" %>" size="40" maxlength="150">
+            <input type="password" name="server_password" value="<%= (password != null) ? StringUtils.hash(password) : "" %>" size="40" maxlength="150">
        </td>
    </tr>