Changeset 1737


Ignore:
Timestamp:
05/04/09 19:42:18 (12 years ago)
Author:
svonolfe
Message:

Passwords are now stored in MD5 in the database (#532)

Location:
trunk/sources
Files:
1 deleted
6 edited

Legend:

Unmodified
Added
Removed
  • trunk/sources/HeuristicLab.Security.ADODataAccess/3.2/HLUserAdapter.cs

    r1729 r1737  
    5555
    5656        if (!row.IsPasswordNull())
    57           user.Password = row.Password;
     57          user.SetPlainPassword(row.Password);
    5858        else
    59           user.Password = String.Empty;
     59          user.SetPlainPassword(String.Empty);
    6060
    6161        if (!row.IsMailAddressNull())
  • trunk/sources/HeuristicLab.Security.Contracts/3.2/BusinessObjects/User.cs

    r1656 r1737  
    2424using System.Text;
    2525using System.Runtime.Serialization;
     26using System.Security.Cryptography;
    2627
    2728namespace HeuristicLab.Security.Contracts.BusinessObjects {
     
    2930  [DataContract]
    3031  public class User : PermissionOwner {
     32    private static string getMd5Hash(string input) {
     33      // Create a new instance of the MD5CryptoServiceProvider object.
     34      MD5 md5Hasher = MD5.Create();
     35
     36      // Convert the input string to a byte array and compute the hash.
     37      byte[] data = md5Hasher.ComputeHash(Encoding.Default.GetBytes(input));
     38
     39      // Create a new Stringbuilder to collect the bytes
     40      // and create a string.
     41      StringBuilder sBuilder = new StringBuilder();
     42
     43      // Loop through each byte of the hashed data
     44      // and format each one as a hexadecimal string.
     45      for (int i = 0; i < data.Length; i++) {
     46        sBuilder.Append(data[i].ToString("x2"));
     47      }
     48
     49      // Return the hexadecimal string.
     50      return sBuilder.ToString();
     51    }
     52
     53
    3154    [DataMember]
    3255    public String Login { get; set; }
     56
     57    private String password;
     58   
    3359    [DataMember]
    34     public String Password { get; set; }
     60    public String Password {
     61      get {
     62        return this.password;
     63      }
     64      set {
     65        this.password = getMd5Hash(value);
     66      }
     67    }
     68
     69    public void SetPlainPassword(String password) {
     70      this.password = password;
     71    }
     72
    3573    [DataMember]
    3674    public String MailAddress { get; set; }
  • trunk/sources/HeuristicLab.Security.Contracts/3.2/Interfaces/IPermissionManager.cs

    r1735 r1737  
    1919    void EndSession(Guid sessionId);
    2020
    21     [OperationContract]
    22     [FaultContractAttribute(typeof(CommunicationException))]
    23     void TestServer();
    2421  }
    2522}
  • trunk/sources/HeuristicLab.Security.Core/3.2/PermissionManager.cs

    r1736 r1737  
    88using HeuristicLab.DataAccess.Interfaces;
    99using HeuristicLab.PluginInfrastructure;
     10using System.Security.Cryptography;
    1011
    1112namespace HeuristicLab.Security.Core {
     
    1920    Object locker = new Object();
    2021
    21  
     22    private static string getMd5Hash(string input) {
     23      // Create a new instance of the MD5CryptoServiceProvider object.
     24      MD5 md5Hasher = MD5.Create();
     25
     26      // Convert the input string to a byte array and compute the hash.
     27      byte[] data = md5Hasher.ComputeHash(Encoding.Default.GetBytes(input));
     28
     29      // Create a new Stringbuilder to collect the bytes
     30      // and create a string.
     31      StringBuilder sBuilder = new StringBuilder();
     32
     33      // Loop through each byte of the hashed data
     34      // and format each one as a hexadecimal string.
     35      for (int i = 0; i < data.Length; i++) {
     36        sBuilder.Append(data[i].ToString("x2"));
     37      }
     38
     39      // Return the hexadecimal string.
     40      return sBuilder.ToString();
     41    }
     42
    2243   /// <summary>
    2344   /// If a session exists for this userName then it is returned, otherwise the given password
     
    3455        session = factory.GetSessionForCurrentThread();
    3556
     57        password = getMd5Hash(password);
     58
    3659        IUserAdapter userAdapter = session.GetDataAdapter<User, IUserAdapter>();
    3760        User user = userAdapter.GetByLogin(userName);
    3861
    39         if (user.Password.CompareTo(password) == 0) {
     62        if (user != null &&
     63            user.Password.Equals(password)) {
    4064          Guid newSessionId = Guid.NewGuid();
    4165          lock (locker)
     
    105129      return Guid.Empty;
    106130    }
    107 
    108     public void TestServer() {
    109     }
    110131  }
    111132}
  • trunk/sources/HeuristicLab.Security.Server/3.2/SecurityServer.cs

    r1713 r1737  
    1010namespace HeuristicLab.Security.Server {
    1111  public partial class SecurityServer : Form {
    12     public SecurityServer(Dictionary<string, Uri> baseAddrDict) {
     12    public SecurityServer(Dictionary<string, String> baseAddrDict) {
    1313      InitializeComponent();
    14       Uri uri;
     14      String uri;
    1515      baseAddrDict.TryGetValue(SecurityServerApplication.STR_PermissionManager, out uri);
    1616      if (uri != null)
  • trunk/sources/HeuristicLab.Security.Server/3.2/SecurityServerApplication.cs

    r1713 r1737  
    4444    }
    4545
    46     private Uri StartService(Services svc, IPAddress ipAddress, int port) {
     46    private String StartService(Services svc, IPAddress ipAddress, int port) {
    4747      string curServiceHost = "";
    4848      Uri uriTcp;
     49      String result = "";
    4950      ISecurityManager[] securityManagerInstances = discService.GetInstances<ISecurityManager>();
    5051      IPermissionManager[] permissionManagerInstances = discService.GetInstances<IPermissionManager>();
     
    5354        case Services.PermissionManager:
    5455          if (securityManagerInstances.Length > 0) {
    55             uriTcp = new Uri("net.tcp://" + ipAddress + ":" + port + "/PermissionManager/");
     56            uriTcp = new Uri("net.tcp://" + ipAddress + ":" + port + "/SecurityServer/");
    5657            serviceHost = new ServiceHost(permissionManagerInstances[0].GetType(), uriTcp);
    5758            serviceHost.AddServiceEndpoint(typeof(IPermissionManager), binding, STR_PermissionManager);
    5859            curServiceHost = STR_PermissionManager;
     60            result = uriTcp.ToString() + STR_PermissionManager;
    5961          }
    6062          break;
    6163        case Services.SecurityManager:
    6264          if (securityManagerInstances.Length > 0) {
    63             uriTcp = new Uri("net.tcp://" + ipAddress + ":" + port + "/SecurityManager/");
     65            uriTcp = new Uri("net.tcp://" + ipAddress + ":" + port + "/SecurityServer/");
    6466            serviceHost = new ServiceHost(securityManagerInstances[0].GetType(), uriTcp);
    6567            serviceHost.AddServiceEndpoint(typeof(ISecurityManager), binding, STR_SecurityManager);
    6668            curServiceHost = STR_SecurityManager;
     69            result = uriTcp.ToString() + STR_SecurityManager;
    6770          }
    6871          break;
     
    7780        serviceHost.Open();
    7881        runningServices.Add(curServiceHost, serviceHost);
    79         return serviceHost.BaseAddresses[0];
     82        return result;
    8083      } else
    8184        return null;
     
    111114     
    112115      //Start services and record their base address
    113       Dictionary<string, Uri> baseAddrDict = new Dictionary<string, Uri>();
     116      Dictionary<string, String> baseAddrDict = new Dictionary<string, String>();
    114117      baseAddrDict.Add(STR_PermissionManager,
    115118        StartService(Services.PermissionManager, addresses[index], DEFAULT_PORT_PM));
Note: See TracChangeset for help on using the changeset viewer.