| author | zsloan | 2015-06-29 10:37:20 -0500 | 
|---|---|---|
| committer | zsloan | 2015-06-29 10:37:20 -0500 | 
| commit | b8152f98f0d9c2a1ec0d73145a4670153b60a307 (patch) | |
| tree | f2e419a375b87a361c9288a9defd7bb46fade4b2 /wqflask/utility | |
| parent | 1353414114b9595a1b207ae4da28e5e725edc550 (diff) | |
| parent | a41f9323ea5b86be6d2139a927586630b222af68 (diff) | |
| download | genenetwork2-b8152f98f0d9c2a1ec0d73145a4670153b60a307.tar.gz | |
Merge pull request #77 from lomereiter/fix_sql
SQL security fixes
Diffstat (limited to 'wqflask/utility')
| -rwxr-xr-x | wqflask/utility/webqtlUtil.py | 16 | 
1 files changed, 0 insertions, 16 deletions
| diff --git a/wqflask/utility/webqtlUtil.py b/wqflask/utility/webqtlUtil.py
index 4d7981d9..4b3d0112 100755
--- a/wqflask/utility/webqtlUtil.py
+++ b/wqflask/utility/webqtlUtil.py
@@ -880,22 +880,6 @@ def cmpGenoPos(A,B):
 except:
 return 0
 
-#XZhou: Must use "BINARY" to enable case sensitive comparison.
-def authUser(name,password,db, encrypt=None):
- try:
- if encrypt:
- query = 'SELECT privilege, id,name,password, grpName FROM User WHERE name= BINARY \'%s\' and password= BINARY \'%s\'' % (name,password)
- else:
- query = 'SELECT privilege, id,name,password, grpName FROM User WHERE name= BINARY \'%s\' and password= BINARY SHA(\'%s\')' % (name,password)
- db.execute(query)
- records = db.fetchone()
- if not records:
- raise ValueError
- return records#(privilege,id,name,password,grpName)
- except:
- return (None, None, None, None, None)
-
-
 def hasAccessToConfidentialPhenotypeTrait(privilege, userName, authorized_users):
 access_to_confidential_phenotype_trait = 0
 if webqtlConfig.USERDICT[privilege] > webqtlConfig.USERDICT['user']: |
