• Dave Cridland's avatar
    OF-1278 Do not be such an idiot while recursing (#751) · 166b17c3
    Dave Cridland authored
    * OF-1278 Recurse more sensibly in SCRAM code
    
    Previously, we called setPassword if (and only if) there was a plaintext password present AND the configuration was for SCRAM hashed passwords only.
    
    However, we would then retest to see if there was a salt present, and then recurse, if there was a plaintext password present.
    
    This meant that if there were pre-existing users (with only plaintext or encrypted passwords) but with no SCRAM information, and the userInfo.salt was unset, recursion would continue indefinitely.
    
    * OF-1278 Recurse more sensibly in SCRAM code
    
    This patch further proofs against infinite recursion, and is more aggressive about SCRAMming pre-existing users.
    
    Recursion is now prevented from being more than one deep, as designed.
    166b17c3
Name
Last commit
Last update
..
org Loading commit data...
overview.html Loading commit data...