Mercurial > p > roundup > code
diff CHANGES.txt @ 4483:22bc0426e348
Second patch from issue2550688 -- with some changes:
- password.py now has a second class JournalPassword used for journal
storage. We have some backends that directly store serialized python
objects. Also when reading from the journal some backends expected the
string read to be usable as a parameter to a Password constructor.
This now calls a JournalPassword constructor in all these cases.
The new JournalPassword just keeps the scheme and has an empty
password.
- some factoring, move redundant implementation of "history" from
rdbms_common and back_anydbm to hyperdb.
| author | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
|---|---|
| date | Thu, 14 Apr 2011 15:42:41 +0000 |
| parents | cb479067e970 |
| children | 52e13bf0bb40 |
line wrap: on
line diff
--- a/CHANGES.txt Thu Apr 14 12:54:52 2011 +0000 +++ b/CHANGES.txt Thu Apr 14 15:42:41 2011 +0000 @@ -76,8 +76,9 @@ (Ralf Schlatterbeck) - Fixed bug in mailgw refactoring, patch issue2550697 (thanks Hubert Touvet) -- Fix first part of Password handling security issue2550688 (thanks - Joseph Myers for reporting and Eli Collins for fixing) +- Fix Password handling security issue2550688 (thanks Joseph Myers for + reporting and Eli Collins for fixing) -- this fixes all observations + by Joseph Myers except for auto-migration of existing passwords. 2010-10-08 1.4.16 (r4541)