Bug 183898: checksetup.pl doesn't accepts admin passwords with dots
Status: Closed (RESOLVED FIXED)
Opened 22 years ago, closed 21 years ago
Categories: Bugzilla :: Installation & Upgrading, defect
Tracking: Bugzilla 2.18
People: Reporter: o.b.fischer, Assigned: goobix
Attachments: 1 file, 3 obsolete files
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.1) Gecko/20021125
Build Identifier: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.1) Gecko/20021125

While setting up a Bugzilla 2.16.1 on FreeBSD with perl 5.6.1 I recognized that checksetup.pl doesn't like passwords for the admin which contain a dot.

Reproducible: Always

Steps to Reproduce:

Actual Results: Entering a password with a dot inside causes checksetup.pl to ask again for the password.

Expected Results: Accepting the password.
Comment 1•22 years ago
I can confirm this on a redhat 8.0 machine (perl-5.8.0) with HEAD from cvs.
Comment 2•22 years ago
Looks like it's not accepting anything weird in the password...

    while( $pass1 eq "" || $pass1 !~ /^[a-zA-Z0-9-_]{3,16}$/ ) {

That's probably not real secure. Should accept more valid characters for the password (i.e. anything printable) or at a minimum give a better error message that describes the legal characters for a password...

confirming...
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 3•22 years ago
ValidatePassword in globals.pl only checks for length, so I don't see why checksetup is any different. The only thing I can think of is trying to avoid control characters or something. Isn't there a perl metachar we can use for 'printable characters'?
Comment 4•21 years ago (Assignee)
Yes, we can use [:print:] in regexps in order to match printable chars and in this way to:
- avoid control chars (like backspace on a bad terminal).
- eliminate the restriction and make the password policy the same in every place.
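The change discussed in Comments 2 to 4, sketched in Perl as an added example (it is not the attached patch and not Bugzilla's own code). The helper name `password_problem`, the sample passwords, the carried-over 3 to 16 length bounds and the use of `\A...\z` instead of `^...$` are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pattern quoted in Comment 2: letters, digits, '-' and '_' only.
my $old_re = qr/^[a-zA-Z0-9-_]{3,16}$/;

# Printable-character check along the lines of Comment 4. The 3-16 length
# bounds are carried over from the old pattern (an assumption), and \A...\z
# is used because '$' also matches just before a trailing newline.
my $new_re = qr/\A[[:print:]]{3,16}\z/;

# Hypothetical helper: returns "" if the password is acceptable, otherwise
# a message that tells the admin which rule was broken.
sub password_problem {
    my ($pass) = @_;
    return "password is empty" if $pass eq "";
    return "password must be 3 to 16 characters long"
        if length($pass) < 3 || length($pass) > 16;
    return "password contains a non-printable character"
        if $pass !~ $new_re;
    return "";
}

# Constructed sample inputs (not taken from the bug report).
my @samples = (
    'secret.pw',      # the reported case: a dot
    'p@ss w0rd!',     # punctuation and a space
    "abc\x08def",     # backspace, as from a bad terminal
    "hunter2\n",      # input line that was never chomp()ed
    'ab',             # too short
);

for my $pass (@samples) {
    # Show control characters as \xNN so the report stays readable.
    (my $shown = $pass) =~ s/([^[:print:]])/sprintf("\\x%02x", ord $1)/ge;
    my $old     = $pass =~ $old_re ? "accept" : "reject";
    my $problem = password_problem($pass);
    my $new     = $problem eq "" ? "accept" : "reject ($problem)";
    printf "%-16s old: %-6s new: %s\n", qq("$shown"), $old, $new;
}
```

The unchomped `"hunter2\n"` sample passes the old `^...$` pattern but fails the `\A...\z` one, which is why the anchors matter when the value has not been through `chomp`.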
Updated•21 years ago (Assignee)
Attachment #127943 -
Flags: review?(kiko)
Updated•21 years ago (Assignee)
Status: NEW → ASSIGNED
Comment 6•21 years ago
Not that it's part of this bug, but how about swapping "stupid" for "silly" up there? I would rather we didn't insult our potential users :-)
Comment 7•21 years ago
Comment on attachment 127943: Excludes only non-printable chars from the admin password.

r=kiko, neat. assuming you've tested (again, no tree!) it, it's ready for approval
Attachment #127943 -
Flags: review?(kiko) → review+
Comment 8•21 years ago (Assignee)
I was also thinking that: "It's just plain stupid to not have a password. Try again!" is kinda insulting. Should I change that to: "It's just plain silly to not have a password. Try again!" or does: "An empty password represents a security risk! Please try again." sound better?
Comment 9•21 years ago (Assignee)
Here's the new version.
Attachment #127943 -
Attachment is obsolete: true
Updated•21 years ago (Assignee)
Attachment #127951 -
Flags: review?(kiko)
Comment 10•21 years ago
Comment on attachment 127951: Excludes only non-printable chars from the admin password. Also replaces the potentially offensive text with a nicer one.

nice!
Attachment #127951 -
Flags: review?(kiko) → review+
Updated•21 years ago
Summary: checksetup.pl doesn't accepts admin passworts with dots → checksetup.pl doesn't accepts admin passwords with dots
Updated•21 years ago (Assignee)
Flags: approval?
Comment 11•21 years ago (Assignee)
Attachment #127951 -
Attachment is obsolete: true
Updated•21 years ago (Assignee)
Attachment #127953 -
Flags: review+
Comment 12•21 years ago (Assignee)
Re-diff due to a recent CVS commit that caused the patch to give errors when applying.
Updated•21 years ago (Assignee)
Attachment #127953 -
Attachment is obsolete: true
Comment 13•21 years ago (Assignee)
Comment on attachment 128005: Same as the previous one, but updated because the previous one was not applying cleanly anymore to the CVS tip due to a recent commit to checksetup.pl.

Carrying over review+.
Attachment #128005 -
Flags: review+
Updated•21 years ago
Attachment #128005 -
Flags: review+
Updated•21 years ago
Attachment #128005 -
Flags: review+
Updated•21 years ago
Flags: approval? → approval+
Comment 14•21 years ago
Checking in checksetup.pl;
/cvsroot/mozilla/webtools/bugzilla/checksetup.pl,v  <--  checksetup.pl
new revision: 1.238; previous revision: 1.237
done
Comment 15•21 years ago (Assignee)
Marking as fixed.
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Updated•21 years ago
Target Milestone: --- → Bugzilla 2.18
Updated•12 years ago
QA Contact: matty_is_a_geek → default-qa