apache /
vcl /
670449fa83fb6555c704097c70d2b95a5c2a59a4 VCL-1045 - Method of encrypting sensitive database entries
addomain.php: modified AJsaveResource: renamed call to addMNcryptkeyUpdates to addCryptSecretKeyUpdates
authentication.php: modified addLoginLog: if $passfail is true, call checkMissingWebSecretKeys to generate cryptsecrets for other web servers that may be missing
utils.php and itecsauth.php: moved include_once for itecsauth/itecsauth.php from utils.php to itecsauth.php - file not needed unless itecsauth is being used, so no need to have it in utils.php
states.php: added checkMissingWebSecretKeys to entry actions and to misc pages
utils.php:
-modified decryptData: added checks for length of $iv and $cryptdata being invalid and return false if invalid
-added checkMissingWebSecretKeys
-modified checkCryptSecrets: renamed call to addMNcryptkeyUpdates to addCryptSecretKeyUpdates
vm.php: modified AJupdateVMprofileItem: renamed call to addMNcryptkeyUpdates to addCryptSecretKeyUpdates; modified update query to set rsapub, rsakey, and encryptedpasswd to NULL when setting password with new system
xmlrpcWrappers.php: modified XMLRPCcheckCryptSecrets: renamed call to addMNcryptkeyUpdates to addCryptSecretKeyUpdates; removed unnecessary call to mysql_real_escape_string because data being escaped will always be base64 encoded
7 files changed
