-
Dave Cridland authored
* OF-1278 Recurse more sensibly in SCRAM code Previously, we called setPassword if (and only if) there was a plaintext password present AND the configuration was for SCRAM hashed passwords only. However, we would then retest to see if there was a salt present, and then recurse, if there was a plaintext password present. This meant that if there were pre-existing users (with only plaintext or encrypted passwords) but with no SCRAM information, and the userInfo.salt was unset, recursion would continue indefinitely. * OF-1278 Recurse more sensibly in SCRAM code This patch further proofs against infinite recursion, and is more aggressive about SCRAMming pre-existing users. Recursion is now prevented from being more than one deep, as designed.
a1978314
