Posted to commits@roller.apache.org by "Noah Slater (JIRA)" <ji...@apache.org> on 2013/03/31 15:37:15 UTC

[jira] [Reopened] (ROL-1959) Complex passwords don't work

     [ https://issues.apache.org/jira/browse/ROL-1959?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Noah Slater reopened ROL-1959:
------------------------------


I use a password manager that generates passwords for me. So I copy and paste those passwords out of the password manager, and into the form. I believe my use of a password manager in this way constitutes very good security practice.

I am reopening this bug because I believe that when I copy and paste a password, if it is "too long" for Roller, I should receive a validation error. The paste should not silently truncate my password. This will result in every user who copies and pastes a password that is "too long" being "locked out" of their account.

Scare quoted "too long" because I think "20" is arbitrary, and can't think of any technical reason a password should be limited in length. It concerns me that you mention database changes. I hope that the password never touches the database...

Scare quoted "locked out" because obviously, I am not actually locked out. My password is just a substring of the password I thought it was. (In fact, this is confirmed. I am back in.)
                
> Complex passwords don't work
> ----------------------------
>
>                 Key: ROL-1959
>                 URL: https://issues.apache.org/jira/browse/ROL-1959
>             Project: Roller
>          Issue Type: Bug
>            Reporter: Noah Slater
>            Assignee: Roller Unassigned
>
> Sorry for the vague ticket title. I don't want to make presumptions about the issue.
> Steps to reproduce:
> 1. Log in
> 2. Set your password to something long and complex like: xaQ}W,3tg4.VkAy4b398C9cRu8gE$vm{%f}V;L96bJyWf}#ELa
> 3. Log out
> 4. Try to log back in again
> What I see:
> I am unable to log in.
> What I expect to see:
> I am able to log in.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
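
The failure mode discussed in this message, as an added example that is not part of the original thread and is not Roller code: a length-capped field that silently shortens a pasted password, next to one that rejects it with a validation error. The function names, the account object and the assumption that the login form passes its input through unshortened are all hypothetical; the limit of 20 and the sample password come from the thread.

```javascript
// Constructed model of the behaviour reported in ROL-1959. Not Roller code.
const MAX_LEN = 20; // the limit quoted in the thread
// Sample password from step 2 of the ticket (50 characters).
const SAMPLE = "xaQ}W,3tg4.VkAy4b398C9cRu8gE$vm{%f}V;L96bJyWf}#ELa";

// Assumption: the change-password field silently drops pasted input past the cap.
function truncatingField(pasted, maxLen = MAX_LEN) {
  return pasted.slice(0, maxLen);
}

// What the reporter asks for: over-long input is rejected with an error.
function validatingField(pasted, maxLen = MAX_LEN) {
  if (pasted.length > maxLen) {
    return { ok: false, error: `Password is ${pasted.length} characters; maximum is ${maxLen}.` };
  }
  return { ok: true, value: pasted };
}

// Hypothetical account. `stored` stands in for the server-side verifier;
// a real server would keep a salted hash, which does not change the outcome.
function makeAccount() {
  let stored = null;
  return {
    setPassword(submitted) { stored = submitted; },
    // Assumption: the login form passes the typed value through unshortened.
    login(submitted) { return stored !== null && submitted === stored; },
  };
}

// Ticket flow: the user believes the full password was set.
function reproduceTicket(password) {
  const account = makeAccount();
  account.setPassword(truncatingField(password));
  return {
    fullPasswordWorks: account.login(password),
    prefixWorks: account.login(password.slice(0, MAX_LEN)),
  };
}

// Requested flow: the change is refused, so user and server never disagree.
function changeWithValidation(password) {
  const account = makeAccount();
  const field = validatingField(password);
  if (!field.ok) return { changed: false, error: field.error };
  account.setPassword(field.value);
  return { changed: true, fullPasswordWorks: account.login(password) };
}

console.log(reproduceTicket(SAMPLE), changeWithValidation(SAMPLE));
```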