ClearOS Bug Tracker


View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0015371ClearOSapp-users - User Managerpublic2017-06-19 07:162019-02-23 12:55
Reporteruser2 
Assigned Todloper 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusclosedResolutionsuspended 
PlatformOSOS Version
Product Version7.3.1 
Target Version7.6.0 UpdatesFixed in Version 
Summary0015371: Review password requirements
DescriptionA number of characters are not allowed for passwords. This comes from the need to support the "lowest common denominator" across various systems, notably:

- CodeIgniter has a list of invalid characters, but we should just encode these.

- The maximum password length is set to 100. Windows 7 has a max of 127 characters.

Setting a maximum password length seems a bit odd in this day an age, but at the very least we should provide that reason to the end user. In other words, instead of showing:

   Error: password is too long

We should show:

   Error: to ensure Windows compatibility, passwords need to be less than X


In addition, passwords are checked using "cracklib" tools in order to prevent weak passwords. Can we get more useful feedback from that tool?
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0008601)
marclaporte (manager)
2018-11-10 10:38

FYI, Brendan added a password black list to Tiki:
https://sourceforge.net/p/tikiwiki/code/59973 [^]
https://doc.tiki.org/Password-Blacklists [^]
(0009171)
dloper (administrator)
2019-02-23 12:55

Migrated from: https://gitlab.com/clearos/clearfoundation/app-users/issues/2 [^]

- Issue History
Date Modified Username Field Change
2017-06-19 07:17 user2 New Issue
2017-06-19 07:17 user2 Status new => confirmed
2017-08-18 10:02 user2 Target Version 7.4.0 Beta 1 => 7.4.0 Updates
2018-02-12 10:18 user2 Target Version 7.4.0 Updates => 7.5.0
2018-04-11 10:14 user2 Target Version 7.5.0 => 7.6.0 Updates
2018-04-11 10:18 user2 Target Version 7.6.0 Updates => 7.5.0 Updates
2018-04-11 10:43 user2 Target Version 7.5.0 Updates => 7.5.0
2018-04-19 08:43 user2 Target Version 7.5.0 => 7.5.0 Updates
2018-10-30 18:18 user2 Target Version 7.5.0 Updates => 7.6.0
2018-11-10 10:38 marclaporte Note Added: 0008601
2018-12-14 11:58 dloper Target Version 7.6.0 => 7.6.0 Updates
2019-02-23 12:55 dloper Note Added: 0009171
2019-02-23 12:55 dloper Status confirmed => closed
2019-02-23 12:55 dloper Assigned To => dloper
2019-02-23 12:55 dloper Resolution open => suspended