Mercurial > p > roundup > code
diff test/db_test_base.py @ 4480:1613754d2646
Fix first part of Password handling security issue2550688
(thanks Joseph Myers for reporting and Eli Collins for fixing)
Small change against original patch: We still accept plaintext passwords
(in known_schemes) when parsing encrypted password (e.g. from database).
This way existing databases with plaintext passwords continue to work (I
don't know of any, this would need patching on the users side) and all
regression tests pass.
| author | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
|---|---|
| date | Thu, 14 Apr 2011 12:24:59 +0000 |
| parents | 34dce76bb202 |
| children | 559d9a2a0191 |
line wrap: on
line diff
--- a/test/db_test_base.py Thu Apr 14 09:21:23 2011 +0000 +++ b/test/db_test_base.py Thu Apr 14 12:24:59 2011 +0000 @@ -35,7 +35,7 @@ config.RDBMS_HOST = "localhost" config.RDBMS_USER = "rounduptest" config.RDBMS_PASSWORD = "rounduptest" -#config.RDBMS_TEMPLATE = "template0" +config.RDBMS_TEMPLATE = "template0" #config.logging = MockNull() # these TRACKER_WEB and MAIL_DOMAIN values are used in mailgw tests config.MAIL_DOMAIN = "your.tracker.email.domain.example"