Convert password storage to SHA.

So, ya, after much wailing and gnashing of teeth, I have emerged victorious from combat
with introductory ruby. It was a fearful battle, and Ruby fought well, but the passwords
are now safe from the likes of anyone who might have access to the server.

# Please enter the commit message for your changes. Lines starting
# with '#' will be ignored, and an empty message aborts the commit.
# On branch master
# Changes to be committed:
#   (use "git reset HEAD <file>..." to unstage)
#
#	modified:   cgi-bin/access.rb
#	modified:   index.html
#
This commit is contained in:
Ryan Rix 2011-06-22 18:06:25 -06:00
parent e077c8f1f2
commit 9a7af27b55
2 changed files with 2 additions and 1 deletions

View File

@ -15,6 +15,7 @@ require 'rubygems'
require 'cgi' require 'cgi'
require 'serialport' require 'serialport'
require 'json' require 'json'
require 'digest/sha2'
cgi = CGI.new cgi = CGI.new
userfile = File.read('../../users.json') userfile = File.read('../../users.json')
@ -22,7 +23,7 @@ users = JSON.parse(userfile)
puts "Content-type: text/html \r\n\r\n" puts "Content-type: text/html \r\n\r\n"
if(users[cgi['user']]['pass'] == cgi['pass']) then if users[cgi['user']]['pass'].to_s == (Digest::SHA2.new(bitlen=512) << cgi['pass']).to_s then
serial = SerialPort.new("/dev/ttyUSB0", 57600, 8, 1, SerialPort::NONE) serial = SerialPort.new("/dev/ttyUSB0", 57600, 8, 1, SerialPort::NONE)
serial.print "e 1234\r" serial.print "e 1234\r"

0
index.html Executable file → Normal file
View File