Vanilla List Mailing List Archive

[ahn@vec.wfubmc.edu: Re: [META:64] Error in last request..]



Forgot to CC vanilla-list.

----- Forwarded message from Dave Ahn <ahn@vec.wfubmc.edu> -----

Mailing-List: contact vanilla-metaserver-help@us.netrek.org; run by ezmlm
Precedence: bulk
Reply-To: vanilla-metaserver@us.netrek.org
Delivered-To: mailing list vanilla-metaserver@us.netrek.org
Date: Mon, 29 Mar 1999 18:21:53 -0500
From: Dave Ahn <ahn@vec.wfubmc.edu>
To: vanilla-metaserver@us.netrek.org
X-Mailer: Mutt 0.93.2i
In-Reply-To: <37000761.D1994D9C@stl.dec.com>; from James Cameron on Tue, Mar 30, 1999 at 09:06:09AM +1000
Organization: Wake Forest University Baptist Medical Center
Subject: Re: [META:64] Error in last request..

On Tue, Mar 30, 1999 at 09:06:09AM +1000, James Cameron wrote:
> 
> Someone found the other day a problem with the seed to the crypt() call
> used to store the passwords.  Does anybody remember the fix off-hand,
> and whether we should apply a permanent fix to the code base for the
> next release?  Is there an incompatibility problem?

Dave Swasey identified the problem, and he implemented a change based on
what we talked about, which fixes the problem without breaking the existing
DB.  He posted the changes to this list, so you should be able to get it
off the archives and commit the changes.

To sum it up, the salt used in crypt() should only be [a-zA-Z0-9./] instead
of the full range allowed in the player name.  The solution is to use a
hash function that produces a valid salt from the player name, crypt the
password using the new salt, and compare the crypted string to the existing
string.  If different, replace.  In time, active players' passwds will be
fixed.  Inactive players can be purged using trimscores or just ignored.

BTW, it should probably be noted that crypt() usually returns a pointer to
a static buffer that is overwritten during each successive call.  This
could be a problem in the unlikely event of a truly simultaneous login.
But then, a lot of things break during a simultaneous login...

-- 
Dave Ahn <ahn@vec.wfubmc.edu>        |  "When you were born, you cried and the
                                     |  world rejoiced.  Try to live your life
Virtual Endoscopy Center             |  so that when you die, you will rejoice
Wake Forest Univ. School of Medicine |  and the world will cry."  -1/2 jj^2

----- End forwarded message -----

-- 
Dave Ahn <ahn@vec.wfubmc.edu>        |  "When you were born, you cried and the
                                     |  world rejoiced.  Try to live your life
Virtual Endoscopy Center             |  so that when you die, you will rejoice
Wake Forest Univ. School of Medicine |  and the world will cry."  -1/2 jj^2
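
The salt fix and the static-buffer caveat from the message above, as an added example; this is not the Vanilla server's code or the patch the message refers to. The djb2-style hash, the function names, the 13-character crypt strings, the "first two bytes of the name" legacy salt, and `toy_crypt` (a constructed stand-in so the example builds without libcrypt) are all assumptions.

```c
#include <stdio.h>
#include <string.h>
/* Same shape as crypt(3): the result lives in a static buffer. */
typedef char *(*crypt_fn)(const char *key, const char *salt);

static const char SALT_CHARS[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";

/* Map any player name to a 2-char salt in [a-zA-Z0-9./] (hash chosen here). */
void name_to_salt(const char *name, char salt[3]) {
    unsigned long h = 5381;
    for (const unsigned char *p = (const unsigned char *)name; *p; p++)
        h = h * 33 + *p;
    salt[0] = SALT_CHARS[h % 64];
    salt[1] = SALT_CHARS[(h / 64) % 64];
    salt[2] = '\0';
}

/* Constructed stand-in for crypt(3), NOT a real password hash. Like the real
   call, it overwrites one static buffer each time. */
char *toy_crypt(const char *key, const char *salt) {
    static char out[14];
    unsigned long h = 2166136261UL;
    for (int i = 0; i < 2 && salt[i]; i++) h = (h ^ (unsigned char)salt[i]) * 16777619UL;
    for (; *key; key++) h = (h ^ (unsigned char)*key) * 16777619UL;
    snprintf(out, sizeof out, "%.2s%08lx", salt, h & 0xffffffffUL);
    return out;
}

/* Returns 0 = reject, 1 = accept, 2 = accept and `stored` rewritten with the
   valid salt. Assumes the old salt was the first two bytes of the name. */
int check_and_upgrade(const char *name, const char *pw, char stored[14], crypt_fn cf) {
    char salt[3], fresh[14], legacy[3] = { name[0], name[0] ? name[1] : '\0', '\0' };
    const char *r;
    name_to_salt(name, salt);
    if ((r = cf(pw, salt)) == NULL) return 0;
    snprintf(fresh, sizeof fresh, "%s", r);   /* copy before the buffer is reused */
    if (strcmp(fresh, stored) == 0) return 1;
    if ((r = cf(pw, legacy)) == NULL || strcmp(r, stored) != 0) return 0;
    memcpy(stored, fresh, sizeof fresh);
    return 2;
}

int main(void) {
    char stored[14];   /* constructed legacy record with an out-of-range salt */
    snprintf(stored, sizeof stored, "%s", toy_crypt("hunter2", "#!"));
    printf("%d %s\n", check_and_upgrade("#!guest", "hunter2", stored, toy_crypt), stored);
    return 0;
}
```

Passing the system `crypt` as `cf` (linked with `-lcrypt`) keeps the same control flow; the NULL checks matter there because some implementations return NULL for a salt outside the valid alphabet.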