View Issue Details

ID: 0022841
Project: mantisbt
Category: authentication
View Status: public
Last Update: 2023-10-31 16:36
Reporter: dregad
Assigned To: dregad
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: assigned
Resolution: open
Target Version: 2.27.0
Summary: 0022841: Don't truncate password when it exceeds db field size
Description

Following up on discussion in PR 1048.

auth_process_plain_password() silently truncates the processed password to the size of the underlying database field.

This can cause problems when the password field's size is increased, as it will cause users to no longer be able to log in, forcing them to reset their password.

Tags: No tags attached.
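
The failure described above can be reproduced with a small model, added here as an illustration and not taken from MantisBT or PR 1048. The function names, the SHA-512 hash and the widened size of 128 are assumptions; 64 is the field size quoted in the notes below.

```php
<?php
// Simplified model of the behaviour described in this issue; NOT MantisBT code.
// process_password(), login_ok(), process_password_strict(), the SHA-512 hash
// and the new size of 128 are hypothetical; 64 is the size quoted on this page.

// Hash the password, then silently cut the result to the column width.
function process_password(string $password, int $fieldSize): string {
    $processed = hash('sha512', $password);   // 128 hex characters
    return substr($processed, 0, $fieldSize); // silent truncation
}

// Login check: the candidate is processed with the *current* column width.
function login_ok(string $stored, string $password, int $fieldSize): bool {
    return hash_equals($stored, process_password($password, $fieldSize));
}

// Variant that refuses a value the column cannot hold instead of cutting it.
function process_password_strict(string $password, int $fieldSize): string {
    $processed = hash('sha512', $password);
    if (strlen($processed) > $fieldSize) {
        throw new LengthException(sprintf(
            'processed password is %d chars, field holds %d',
            strlen($processed), $fieldSize));
    }
    return $processed;
}

$password = 'correct horse battery staple';   // constructed sample input

// 1. Account created while the column is 64 chars wide: only the first
//    half of the hash reaches the database, yet login still succeeds
//    because the candidate is cut at the same position.
$stored = process_password($password, 64);
var_dump(strlen($stored));
var_dump(login_ok($stored, $password, 64));

// 2. Column widened to 128: the candidate is no longer cut at 64 chars,
//    so the correct password stops matching the old, truncated row.
var_dump(login_ok($stored, $password, 128));

// 3. The strict variant surfaces the size mismatch at write time instead.
try {
    process_password_strict($password, 64);
} catch (LengthException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```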

Activities

dregad

2017-05-06 18:14

developer   ~0056786

PR https://github.com/mantisbt/mantisbt/pull/1048

thE_iNviNciblE

2019-04-28 09:22

reporter   ~0062010

FYI:

"New lengths vary depending on the database management system:

MariaDB version 10.0 and higher - 80 characters
PostgreSQL version 7.3 and higher - 61 characters
PostgreSQL versions lower than 7.3 - 31 characters
Microsoft SQL (all versions) - 128 characters
MySQL version 5.7.8 and higher - 32 characters
Percona version 5.7 and higher - 32 characters
Other database management systems - 16 characters"

dregad

2019-04-28 11:27

developer   ~0062011

@thE_iNviNciblE Your post is confusing. Where do you get this information from? The size of the password field is set to 64 chars by MantisBT at installation time, and that does not depend on RDBMS.

Or maybe you meant something else, in that case please clarify...

thE_iNviNciblE

2019-06-14 02:44

reporter   ~0062254

@dregad:

I've seen information here: https://docs.plesk.com/release-notes/onyx/change-log/#179-preview13

dregad

2019-06-14 03:44

developer   ~0062257

That's the changelog for Plesk, I don't see how it is related to MantisBT.