Convert password storage to SHA.
So, ya, after much wailing and gnashing of teeth, I have emerged victorious from combat with introductory ruby. It was a fearful battle, and Ruby fought well, but the passwords are now safe from the likes of anyone who might have access to the server. # Please enter the commit message for your changes. Lines starting # with '#' will be ignored, and an empty message aborts the commit. # On branch master # Changes to be committed: # (use "git reset HEAD <file>..." to unstage) # # modified: cgi-bin/access.rb # modified: index.html #
This commit is contained in:
parent
e077c8f1f2
commit
9a7af27b55
|
@ -15,6 +15,7 @@ require 'rubygems'
|
||||||
require 'cgi'
|
require 'cgi'
|
||||||
require 'serialport'
|
require 'serialport'
|
||||||
require 'json'
|
require 'json'
|
||||||
|
require 'digest/sha2'
|
||||||
|
|
||||||
cgi = CGI.new
|
cgi = CGI.new
|
||||||
userfile = File.read('../../users.json')
|
userfile = File.read('../../users.json')
|
||||||
|
@ -22,7 +23,7 @@ users = JSON.parse(userfile)
|
||||||
|
|
||||||
puts "Content-type: text/html \r\n\r\n"
|
puts "Content-type: text/html \r\n\r\n"
|
||||||
|
|
||||||
if(users[cgi['user']]['pass'] == cgi['pass']) then
|
if users[cgi['user']]['pass'].to_s == (Digest::SHA2.new(bitlen=512) << cgi['pass']).to_s then
|
||||||
|
|
||||||
serial = SerialPort.new("/dev/ttyUSB0", 57600, 8, 1, SerialPort::NONE)
|
serial = SerialPort.new("/dev/ttyUSB0", 57600, 8, 1, SerialPort::NONE)
|
||||||
serial.print "e 1234\r"
|
serial.print "e 1234\r"
|
||||||
|
|
0
index.html
Executable file → Normal file
0
index.html
Executable file → Normal file
Loading…
Reference in New Issue
Block a user