Mercurial > p > roundup > code
comparison test/db_test_base.py @ 4480:1613754d2646
Fix first part of Password handling security issue2550688
(thanks Joseph Myers for reporting and Eli Collins for fixing)
Small change against original patch: We still accept plaintext passwords
(in known_schemes) when parsing encrypted password (e.g. from database).
This way existing databases with plaintext passwords continue to work (I
don't know of any, this would need patching on the users side) and all
regression tests pass.
| author | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
|---|---|
| date | Thu, 14 Apr 2011 12:24:59 +0000 |
| parents | 34dce76bb202 |
| children | 559d9a2a0191 |
comparison
equal
deleted
inserted
replaced
| 4479:0bdcb1e7f7ce | 4480:1613754d2646 |
|---|---|
| 33 config.DATABASE = "db" | 33 config.DATABASE = "db" |
| 34 config.RDBMS_NAME = "rounduptest" | 34 config.RDBMS_NAME = "rounduptest" |
| 35 config.RDBMS_HOST = "localhost" | 35 config.RDBMS_HOST = "localhost" |
| 36 config.RDBMS_USER = "rounduptest" | 36 config.RDBMS_USER = "rounduptest" |
| 37 config.RDBMS_PASSWORD = "rounduptest" | 37 config.RDBMS_PASSWORD = "rounduptest" |
| 38 #config.RDBMS_TEMPLATE = "template0" | 38 config.RDBMS_TEMPLATE = "template0" |
| 39 #config.logging = MockNull() | 39 #config.logging = MockNull() |
| 40 # these TRACKER_WEB and MAIL_DOMAIN values are used in mailgw tests | 40 # these TRACKER_WEB and MAIL_DOMAIN values are used in mailgw tests |
| 41 config.MAIL_DOMAIN = "your.tracker.email.domain.example" | 41 config.MAIL_DOMAIN = "your.tracker.email.domain.example" |
| 42 config.TRACKER_WEB = "http://tracker.example/cgi-bin/roundup.cgi/bugs/" | 42 config.TRACKER_WEB = "http://tracker.example/cgi-bin/roundup.cgi/bugs/" |
| 43 # uncomment the following to have excessive debug output from test cases | 43 # uncomment the following to have excessive debug output from test cases |