-
Dave Cridland authored
* OF-1278 Recurse more sensibly in SCRAM code Previously, we called setPassword if (and only if) there was a plaintext password present AND the configuration was for SCRAM hashed passwords only. However, we would then retest to see if there was a salt present, and then recurse, if there was a plaintext password present. This meant that if there were pre-existing users (with only plaintext or encrypted passwords) but with no SCRAM information, and the userInfo.salt was unset, recursion would continue indefinitely. * OF-1278 Recurse more sensibly in SCRAM code This patch further proofs against infinite recursion, and is more aggressive about SCRAMming pre-existing users. Recursion is now prevented from being more than one deep, as designed.
166b17c3
Name |
Last commit
|
Last update |
---|---|---|
build | ||
documentation | ||
src | ||
.gitignore | ||
.travis.yml | ||
LICENSE.txt | ||
Makefile | ||
README.md |