From fb43a92cc2aaffab42efebf025b6a12c01af8fde Mon Sep 17 00:00:00 2001
From: Shauren
Date: Thu, 7 Feb 2013 16:15:23 +0100
Subject: Core/Accounts: sessionkey field in account table is only a temporary storage to pass data from authserver to worldserver and should only be used as such. Clearing sessionkey from database after a successful login to prevent possible exploits.
---
sql/updates/auth/2013_02_07_00_auth_account.sql | 3 +++
1 file changed, 3 insertions(+)
create mode 100644 sql/updates/auth/2013_02_07_00_auth_account.sql
(limited to 'sql/updates/auth')
diff --git a/sql/updates/auth/2013_02_07_00_auth_account.sql b/sql/updates/auth/2013_02_07_00_auth_account.sql
new file mode 100644
index 00000000000..03bdf8cdcd5
--- /dev/null
+++ b/sql/updates/auth/2013_02_07_00_auth_account.sql
@@ -0,0 +1,3 @@
+UPDATE `account` SET `sessionkey`='';
+ALTER TABLE `account`
+CHANGE `sessionkey` `sessionkey` varchar(80) NOT NULL DEFAULT '' COMMENT 'Temporary storage of session key used to pass data from authserver to worldserver' AFTER `sha_pass_hash`;
-- cgit v1.2.3
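Review bot: After this migration the empty string is the resting value of `sessionkey` for every account (the unfiltered `UPDATE` plus `NOT NULL DEFAULT ''`), so whatever reads the column on the worldserver side has to treat an empty value as "no login pending" and refuse the connection rather than use it as key material. That code is not part of this file, so it cannot be confirmed from here. The `UPDATE` without a `WHERE` looks intentional and deserves a comment saying so, for example `-- Intentionally unfiltered: clears every stored session key; '' means no login is pending`. Keys written before this update may still be present in earlier backups or replication logs, which the migration does not touch.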