=== modified file 'bin/addons/base/res/res_user.py'
--- bin/addons/base/res/res_user.py 2011-01-10 13:52:26 +0000
+++ bin/addons/base/res/res_user.py 2011-04-28 15:33:49 +0000
@@ -458,24 +458,25 @@
 raise security.ExceptionNoTb('AccessDenied')
 def check(self, db, uid, passwd):
+ """Verifies that the given (uid, password) pair is authorized for the database ``db`` and
+ raise an exception if it is not."""
 if not passwd:
- return False
+ # empty passwords disallowed for obvious security reasons
+ raise security.ExceptionNoTb('AccessDenied')
 if self._uid_cache.get(db, {}).get(uid) == passwd:
- return True
+ return
 cr = pooler.get_db(db).cursor()
 try:
 cr.execute('SELECT COUNT(1) FROM res_users WHERE id=%s AND password=%s AND active=%s', (int(uid), passwd, True))
 res = cr.fetchone()[0]
- if not bool(res):
+ if not res:
 raise security.ExceptionNoTb('AccessDenied')
- if res:
- if self._uid_cache.has_key(db):
- ulist = self._uid_cache[db]
- ulist[uid] = passwd
- else:
- self._uid_cache[db] = {uid:passwd}
- return bool(res)
+ if self._uid_cache.has_key(db):
+ ulist = self._uid_cache[db]
+ ulist[uid] = passwd
+ else:
+ self._uid_cache[db] = {uid:passwd}
 finally:
 cr.close()
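Review bot: The cache fast path `if self._uid_cache.get(db, {}).get(uid) == passwd: return` accepts the credential without running the query, so the `active=%s` condition and the currently stored password are enforced only on a cache miss. Unless the entry is dropped elsewhere when a user is deactivated or the password changes (not visible in this hunk), a cached pair keeps authenticating. Confirm that invalidation exists and record it at the fast path, e.g. `# entry must be cleared on password change or deactivation`. The cache also holds the cleartext password in process memory and compares it with `==`; keeping a digest of it instead would limit what a memory disclosure exposes. Because `check()` now returns `None` on success where it used to return `True`, callers that test the return value need auditing, and the docstring should say that the method returns nothing and signals failure only by raising.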