Core/Accounts: sessionkey field in account table is only a temporary storage to pass data from authserver to worldserver and should only be used as such. Clearing sessionkey from database after a successful login to prevent possible exploits.

This commit is contained in:
Shauren
2013-02-07 16:15:23 +01:00
parent 5b45a87da5
commit fb43a92cc2
6 changed files with 28 additions and 24 deletions


@@ -26,7 +26,7 @@ CREATE TABLE `account` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT 'Identifier',
`username` varchar(32) NOT NULL DEFAULT '',
`sha_pass_hash` varchar(40) NOT NULL DEFAULT '',
`sessionkey` varchar(80) NOT NULL DEFAULT '',
`sessionkey` varchar(80) NOT NULL DEFAULT '' COMMENT 'Temporary storage of session key used to pass data from authserver to worldserver',
`v` varchar(64) NOT NULL DEFAULT '',
`s` varchar(64) NOT NULL DEFAULT '',
`email` varchar(254) NOT NULL DEFAULT '',
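Review bot: The new COMMENT on `sessionkey` records where the value comes from but not the invariant this commit actually introduces per its description, that the worldserver clears the column after a successful login; someone reading the schema alone would still treat a populated key as normal steady state rather than a stale credential worth flagging. Suggest `COMMENT 'Temporary storage of session key used to pass data from authserver to worldserver; cleared by worldserver after a successful login'`, and the same wording applies to the identical COMMENT in the `ALTER TABLE` of the update script below. The enclosing `CREATE TABLE \`account\`` statement begins before and ends after this hunk.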


@@ -0,0 +1,3 @@
UPDATE `account` SET `sessionkey`='';
ALTER TABLE `account`
CHANGE `sessionkey` `sessionkey` varchar(80) NOT NULL DEFAULT '' COMMENT 'Temporary storage of session key used to pass data from authserver to worldserver' AFTER `sha_pass_hash`;
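Review bot: The first statement, `UPDATE \`account\` SET \`sessionkey\`='';`, is a WHERE-less UPDATE with no comment stating that the whole-table write is intended, so it reads as an oversight to anyone auditing migration scripts. Prefix it with `-- Intentionally unfiltered: every stored session key is stale once worldserver clears keys on login, so wipe all rows before re-documenting the column.` On a large `account` table this rewrites every row, and since the following `ALTER TABLE` is DDL it will presumably commit implicitly under MySQL, so the two statements cannot be rolled back as a unit; worth noting in the script header if that is expected.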