This is definitely a bug in the DAL. Probably a very old one that was made
evident by the new lockless cache implementation. Passwords should never
have been saved in the cache in raw format as the cache is not supposed to
be safe for that.
BaseAdapter does this in the select
(cache_model, time_expire) = cache
key = self.uri + '/' + sql
if len(key)>200: key = hashlib_md5(key).hexdigest()
args = (sql,fields,attributes)
Basically it should always, *always*, use the hash, not just if the key's
len is >200. Please submit an issue this must be fixed ASAP.
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
