# HG changeset patch
# User Sylvain Thénault <sylvain.thenault@logilab.fr>
# Date 1280226963 -7200
# Node ID f4d1d5d9ccbb5fb186369d67a8578c972ea64ebc
# Parent  50e1a6ad3e981c655cd23a56f7fedf15413a53f6
[security] don't put uncrypted password in query parameters, else it may be logged on error

diff -r 50e1a6ad3e98 -r f4d1d5d9ccbb server/sources/native.py
--- a/server/sources/native.py	Mon Jul 19 15:36:16 2010 +0200
+++ b/server/sources/native.py	Tue Jul 27 12:36:03 2010 +0200
@@ -1397,7 +1397,7 @@
         two queries are needed since passwords are stored crypted, so we have
         to fetch the salt first
         """
-        args = {'login': login, 'pwd' : password}
+        args = {'login': login, 'pwd' : None}
         if password is not None:
             rset = self.source.syntax_tree_search(session, self._passwd_rqlst, args)
             try: