• Dave Cridland's avatar
    OF-1278 Do not be such an idiot while recursing (#751) · 166b17c3
    Dave Cridland authored
    * OF-1278 Recurse more sensibly in SCRAM code
    
    Previously, we called setPassword if (and only if) there was a plaintext password present AND the configuration was for SCRAM hashed passwords only.
    
    However, we would then retest to see if there was a salt present, and then recurse, if there was a plaintext password present.
    
    This meant that if there were pre-existing users (with only plaintext or encrypted passwords) but with no SCRAM information, and the userInfo.salt was unset, recursion would continue indefinitely.
    
    * OF-1278 Recurse more sensibly in SCRAM code
    
    This patch further proofs against infinite recursion, and is more aggressive about SCRAMming pre-existing users.
    
    Recursion is now prevented from being more than one deep, as designed.
    166b17c3
Name
Last commit
Last update
build Loading commit data...
documentation Loading commit data...
src Loading commit data...
.gitignore Loading commit data...
.travis.yml Loading commit data...
LICENSE.txt Loading commit data...
Makefile Loading commit data...
README.md Loading commit data...