checksetup.pl doesn't accepts admin passwords with dots

RESOLVED FIXED in Bugzilla 2.18

Status


Bugzilla
Installation & Upgrading
--
minor
RESOLVED FIXED
16 years ago
5 years ago

People

(Reporter: Oliver Fischer, Assigned: Vlad Dascalu)

Tracking

unspecified
Bugzilla 2.18
Bug Flags:
approval +

Details

Attachments

(1 attachment, 3 obsolete attachments)

(Reporter)

Description

16 years ago
User-Agent:       Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.1) Gecko/20021125
Build Identifier: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.1) Gecko/20021125

While setting up a Bugzilla 2.16.1 on FreeBSD with perl 5.6.1 I recognized
that checksetup.pl doesn't like passwords for the admin which contain a dot.

Reproducible: Always

Steps to Reproduce:


Actual Results:  
Entering a password with a dot inside causes checksetup.pl to ask again for the
password.

Expected Results:  
Accepting the password.

Comment 1

16 years ago
I can confirm this on a Red Hat 8.0 machine (perl-5.8.0) with HEAD from cvs.
Looks like it's not accepting anything weird in the password...

      while( $pass1 eq "" || $pass1 !~ /^[a-zA-Z0-9-_]{3,16}$/ ) {

That's probably not real secure.  Should accept more valid characters for the
password (i.e. anything printable) or at a minimum give a better error message
that describes the legal characters for a password...

confirming...
Status: UNCONFIRMED → NEW
Ever confirmed: true
ValidatePassword in globals.pl only checks for length, so I don't see why
checksetup is any different. The only thing I can think of is trying to avoid
control characters or something. Isn't there a perl metachar we can use for
'printable characters'?
(Assignee)

Comment 4

15 years ago
Created attachment 127943
Excludes only non-printable chars from the admin password.

Yes, we can use [:print:] in regexps in order to match printable chars and in
this way to:

- avoid control chars (like backspace on a bad terminal).
- eliminate the restriction and make the password policy the same in every
place.
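
The following is an added example, not the attached patch (which is not shown on this page) and not Bugzilla's own code. It runs the pattern quoted in comment 1 and one assumed way of writing the printable-character check over constructed sample passwords; the `{3,16}` bounds and the `\A...\z` anchors in the second pattern are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pattern quoted in comment 1 (the check that rejects a dot).
my $old_re = qr/^[a-zA-Z0-9-_]{3,16}$/;

# Assumed replacement: any printable character. Perl only recognises the
# POSIX class inside a bracket expression, hence [[:print:]]. The {3,16}
# bounds are carried over from the old pattern as an assumption, and
# \A...\z is used so that a trailing newline is not silently accepted
# (a bare $ also matches just before a final "\n").
my $new_re = qr/\A[[:print:]]{3,16}\z/;

# Return 'accept' or 'reject' for one password against one pattern.
sub check {
    my ($re, $pw) = @_;
    return $pw =~ $re ? 'accept' : 'reject';
}

# Constructed sample inputs, one per case discussed in the thread.
my @samples = (
    [ 'alnum only',         'hunter2'    ],
    [ 'contains a dot',     'pass.word'  ],
    [ 'punctuation/space',  'c0rrect h!' ],
    [ 'embedded backspace', "abc\x08def" ],
    [ 'trailing newline',   "secret\n"   ],
    [ 'too short',          'ab'         ],
    [ 'empty',              ''           ],
);

printf "%-20s %-8s %-8s\n", 'case', 'old', 'new';
for my $s (@samples) {
    my ($label, $pw) = @$s;
    printf "%-20s %-8s %-8s\n",
        $label, check($old_re, $pw), check($new_re, $pw);
}
```
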
(Assignee)

Updated

15 years ago
Attachment #127943 - Flags: review?(kiko)
(Assignee)

Comment 5

15 years ago
<-- me
Assignee: zach → jocuri
OS: FreeBSD → All
Hardware: PC → All
(Assignee)

Updated

15 years ago
Status: NEW → ASSIGNED

Comment 6

15 years ago
Not that it's part of this bug, but how about swapping "stupid" for "silly" up
there? I would rather we didn't insult our potential users :-)

Comment 7

15 years ago
Comment on attachment 127943
Excludes only non-printable chars from the admin password.

r=kiko, neat. assuming you've tested (again, no tree!) it, it's ready for
approval
Attachment #127943 - Flags: review?(kiko) → review+
(Assignee)

Comment 8

15 years ago
I was also thinking that:

"It's just plain stupid to not have a password.  Try again!"

is kinda insulting. Should I change that to:

"It's just plain silly to not have a password.  Try again!"

or does:

"An empty password represents a security risk! Please try again."

sound better?
(Assignee)

Comment 9

15 years ago
Created attachment 127951
Excludes only non-printable chars from the admin password. Also replaces the potentially offensive text with a nicer one.

Here's the new version.
Attachment #127943 - Attachment is obsolete: true
(Assignee)

Updated

15 years ago
Attachment #127951 - Flags: review?(kiko)

Comment 10

15 years ago
Comment on attachment 127951
Excludes only non-printable chars from the admin password. Also replaces the potentially offensive text with a nicer one.

nice!
Attachment #127951 - Flags: review?(kiko) → review+

Updated

15 years ago
Summary: checksetup.pl doesn't accepts admin passworts with dots → checksetup.pl doesn't accepts admin passwords with dots
(Assignee)

Updated

15 years ago
Flags: approval?
(Assignee)

Comment 11

15 years ago
Created attachment 127953
Fixing small spacing problem and carrying over r+.
Attachment #127951 - Attachment is obsolete: true
(Assignee)

Updated

15 years ago
Attachment #127953 - Flags: review+
(Assignee)

Comment 12

15 years ago
Created attachment 128005
Same as the previous one, but updated because the previous one was not applying cleanly anymore to the CVS tip due to a recent commit to checksetup.pl.

Re-diff due to a recent CVS commit that caused the patch to give errors when
applying.
(Assignee)

Updated

15 years ago
Attachment #127953 - Attachment is obsolete: true
(Assignee)

Comment 13

15 years ago
Comment on attachment 128005
Same as the previous one, but updated because the previous one was not applying cleanly anymore to the CVS tip due to a recent commit to checksetup.pl.

Carrying over review+.
Attachment #128005 - Flags: review+
Flags: approval? → approval+
Checking in checksetup.pl;
/cvsroot/mozilla/webtools/bugzilla/checksetup.pl,v  <--  checksetup.pl
new revision: 1.238; previous revision: 1.237
done
(Assignee)

Comment 15

15 years ago
Marking as fixed.
Status: ASSIGNED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → FIXED
Target Milestone: --- → Bugzilla 2.18
QA Contact: matty_is_a_geek → default-qa