Re: [Cppcms-users] dbixx::sql truncates string!
From: Artyom <art...@ya...> - 2010-11-01 07:29:46
> I get a username and a password from a user and hash the password using
> md5():
> std::string pass_md5 = md5(password);
> memset (password, '*', 100); // Erase the password from memory.
> cout << "The md5 is: " << pass_md5 << endl;
What is the md5 function? Is it cppcms::util::md5 or something else? Because
if so, it creates a 16-character binary string, and you probably
need cppcms::util::md5hex
for 32 hexadecimal characters.
BTW, I suggest salting passwords to prevent the use of rainbow tables.
> sql << "SELECT * FROM users WHERE name = ? AND pass = ?", username,
> pass_md5;
> if (sql.single(r)) { /* Login successful...*/ }
>
> The (critical) problem is that the login is never successful because in the
> above query, the pass_md5 is truncated. The md5 hash is 32 characters long,
> but only the 20 first characters are kept in the query.
> ???
I tested this code; it works fine.
>
> Is this a bug in the API, or am I doing wrong?
>
>
> Also, for debugging purposes, how can I access the actual query sent to the
> sql server?
>
If you still have issues,
you can add debug printing in line 310 of session.cpp, in the function
session::single.
Before the line:
    dbi_result res=dbi_conn_query(conn,escaped_query.c_str());
add:
    std::cerr << "[" << escaped_query <<"]" << std::endl;
Also, if an exception is thrown,
you can request the query() parameter of dbixx_error.
Artyom
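
Added example, not part of the original message and not CppCMS or dbixx code: it shows what separates a 16-byte binary digest from its 32-character hex form once the value passes through a `const char*` interface, and a check to run before binding a hash as text. The sample bytes are the well-known MD5 digest of the empty string; `hex_encode`, `is_md5_hex`, `c_string_length` and `raw_digest` are hypothetical helper names. It illustrates the binary-versus-hex point in the reply and is not a diagnosis of the 20-character case.

```cpp
#include <cctype>
#include <cstring>
#include <iostream>
#include <string>

// Constructed sample: the well-known MD5 digest of the empty string, as the
// 16 raw bytes a binary-output md5 function returns. Byte 5 is 0x00.
static const unsigned char kRawDigest[16] = {
    0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
    0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e};

std::string raw_digest() {
    return std::string(reinterpret_cast<const char *>(kRawDigest), 16);
}

// Hypothetical helper: lowercase hex encoding, two characters per byte.
std::string hex_encode(const std::string &raw) {
    static const char digits[] = "0123456789abcdef";
    std::string out;
    out.reserve(raw.size() * 2);
    for (unsigned char c : raw) {
        out += digits[c >> 4];
        out += digits[c & 0x0f];
    }
    return out;
}

// Hypothetical helper: true only for exactly 32 hexadecimal characters,
// the form that can be bound and compared as ordinary text.
bool is_md5_hex(const std::string &s) {
    if (s.size() != 32) return false;
    for (unsigned char c : s)
        if (!std::isxdigit(c)) return false;
    return true;
}

// Length seen by any C API that receives the value through c_str().
std::size_t c_string_length(const std::string &s) {
    return std::strlen(s.c_str());
}

int main() {
    const std::string raw = raw_digest();
    const std::string hex = hex_encode(raw);
    std::cout << "raw: size " << raw.size() << ", as C string "
              << c_string_length(raw) << ", text-safe " << is_md5_hex(raw) << "\n";
    std::cout << "hex: " << hex << ", as C string " << c_string_length(hex)
              << ", text-safe " << is_md5_hex(hex) << "\n";
}
```

Calling `is_md5_hex` on the value just before it is bound to the query turns a silent mismatch into an immediate, visible failure.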