Hi Andrea,
We have to make sure this fix is also applied to GN 2.0 so it can be included in a minor release 2.0.3. We may just need to compile a 2.0.3 geonetwork.jar so people can update their systems without much effort!?
Ciao,
Jeroen
On Sep 7, 2006, at 3:23 PM, Andrea Carboni wrote:
Update of /cvsroot/geonetwork/geonetwork/src/org/fao/geonet/services/login
In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv25272/src/org/fao/geonet/services/login
Modified Files:
Login.java
Log Message:
Fixed security hole
Index: Login.java
RCS file: /cvsroot/geonetwork/geonetwork/src/org/fao/geonet/services/login/Login.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -d -r1.9 -r1.10
*** Login.java 29 Jul 2006 12:56:00 -0000 1.9
--- Login.java 7 Sep 2006 13:23:17 -0000 1.10
***************
*** 66,71 ****
Dbms dbms = (Dbms) context.getResourceManager().open(Geonet.Res.MAIN_DB);! Element elUser = dbms.select( "SELECT * FROM Users " +
! "WHERE username='" + sUser + "' AND password='" + sPass + "'");List list = elUser.getChildren();
--- 66,74 ----
Dbms dbms = (Dbms) context.getResourceManager().open(Geonet.Res.MAIN_DB);! Vector args = new Vector();
! args.add(sUser);
! args.add(sPass);
!
! Element elUser = dbms.select("SELECT * FROM Users WHERE username = ? AND password = ?", args);List list = elUser.getChildren();
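Review bot: In the new dbms.select call, SELECT * still loads every column of the matching Users row, including password, into elUser; list only the columns the login service reads afterwards so the stored credential does not travel past the query. The bound comparison "password = ?" also means the column must be directly comparable to sPass, so if sPass is the raw submitted value the table is holding plaintext passwords, which deserves a follow-up change. The log message "Fixed security hole" would be easier to track for the backport if it named the issue: the old query concatenated sUser and sPass into the SQL string, which allowed SQL injection through the login parameters.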
_______________________________________________
GeoNetwork-commit mailing list
GeoNetwork-commit@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-commit