View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0013163 | mantisbt | authentication | public | 2011-07-21 08:32 | 2014-09-23 18:05 |
Reporter | dregad | Assigned To | dregad | ||
Priority | low | Severity | minor | Reproducibility | N/A |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.5 | ||||
Target Version | 1.2.6 | Fixed in Version | 1.2.6 | ||
Summary | 0013163: Remove limitation on password length with MD5 authentication | ||||
Description | As suggested by user packman in 0013047, it does not make sense to limit the size of a user's password to the database field size (PASSLEN), when we are only storing a hash, the size of which is fixed. The password size restriction only applies when we are storing the password itself in the database (e.g. deprecated PLAIN authentication method) | ||||
Tags | patch | ||||
MantisBT: master-1.2.x 4664aebf 2011-07-21 06:46 Details Diff |
Fix 0013163: Remove limitation on password length with MD5 authentication A new function auth_get_password_max_size was added in authentication_api.php, to return the maximum length of the password, taking the login method into consideration: limited to the database field size (PASSLEN) for PLAIN and BASIC_AUTH, or to new constant MAX_PASSWORD_SIZE for other, hash-based methods. The return value is used to define the maxlength attribute of all the password fields. |
Affected Issues 0013163 |
|
mod - account_page.php | Diff File | ||
mod - core/authentication_api.php | Diff File | ||
mod - core/constant_inc.php | Diff File | ||
mod - login_page.php | Diff File | ||
mod - manage_user_create_page.php | Diff File | ||
MantisBT: master 3c6b36e2 2011-07-21 06:46 Details Diff |
Fix 0013163: Remove limitation on password length with MD5 authentication A new function auth_get_password_max_size was added in authentication_api.php, to return the maximum length of the password, taking the login method into consideration: limited to the database field size (PASSLEN) for PLAIN and BASIC_AUTH, or to new constant MAX_PASSWORD_SIZE for other, hash-based methods. The return value is used to define the maxlength attribute of all the password fields. This commit is a manual port to master of the changes in commits 4664aebf, 9c7fffbb, 5d527ef4 and b2c1c1e9 |
Affected Issues 0013163 |
|
mod - account_page.php | Diff File | ||
mod - core/authentication_api.php | Diff File | ||
mod - core/constant_inc.php | Diff File | ||
mod - login_page.php | Diff File | ||
mod - manage_user_create_page.php | Diff File | ||
mod - manage_user_edit_page.php | Diff File | ||
MantisBT: master-1.2.x 9c7fffbb 2011-07-22 04:26 Details Diff |
Issue 0013163: cosmetic changes and fixing comments Implementing vboctor's comments |
Affected Issues 0013163 |
|
mod - core/authentication_api.php | Diff File | ||
mod - core/constant_inc.php | Diff File | ||
mod - login_page.php | Diff File | ||
MantisBT: master-1.2.x 5d527ef4 2011-07-22 04:55 Details Diff |
Issue 0013163: handling login method HTTP_AUTH like PLAIN Per vboctor's suggestion |
Affected Issues 0013163 |
|
mod - core/authentication_api.php | Diff File | ||
MantisBT: master-1.2.x b2c1c1e9 2011-07-22 05:06 Details Diff |
Issue 0013163: Increasing user+password fields size to 32 for consistency |
Affected Issues 0013163 |
|
mod - manage_user_edit_page.php | Diff File |