Convert password storage to SHA.

So, ya, after much wailing and gnashing of teeth, I have emerged victorious from combat with introductory ruby. It was a fearful battle, and Ruby fought well, but the passwords are now safe from the likes of anyone who might have access to the server. # Please enter the commit message for your changes. Lines starting # with '#' will be ignored, and an empty message aborts the commit. # On branch master # Changes to be committed: # (use "git reset HEAD <file>..." to unstage) # # modified: cgi-bin/access.rb # modified: index.html #
2011-06-22 18:06:25 -06:00 · 2011-06-22 18:06:25 -06:00 · 9a7af27b55
commit 9a7af27b55
parent e077c8f1f2
2 changed files with 2 additions and 1 deletions
--- a/cgi-bin/access.rb
+++ b/cgi-bin/access.rb
@ -15,6 +15,7 @@ require 'rubygems'
 require 'cgi'
 require 'serialport'
 require 'json'
+require 'digest/sha2'

 cgi = CGI.new
 userfile = File.read('../../users.json')
@ -22,7 +23,7 @@ users = JSON.parse(userfile)

 puts "Content-type: text/html \r\n\r\n"

-if(users[cgi['user']]['pass'] == cgi['pass']) then
+if users[cgi['user']]['pass'].to_s == (Digest::SHA2.new(bitlen=512) << cgi['pass']).to_s then
  
  serial = SerialPort.new("/dev/ttyUSB0", 57600, 8, 1, SerialPort::NONE)
  serial.print "e 1234\r"
--- a/index.html
+++ b/index.html