Closed
Bug 471620
Opened 17 years ago
Closed 16 years ago
USER_PASSWORD_MAX_LENGTH is no longer needed
Categories
(Bugzilla :: User Accounts, enhancement)
Tracking
()
RESOLVED
FIXED
Bugzilla 3.6
People
(Reporter: LpSolit, Assigned: LpSolit)
References
Details
Attachments
(2 files)
|
3.12 KB,
patch
|
dkl
:
review+
|
Details | Diff | Splinter Review |
|
1.43 KB,
patch
|
dkl
:
review+
|
Details | Diff | Splinter Review |
The limit of 16 characters for passwords appeared in v1.1 of editusers.cgi, with no explanation. Maybe it was related to the fact that the MySQL ENCRYPT() function, which was the first method to be used to encrypt passwords in Bugzilla, used the UNIX crypt() method, which itself ignores everything after the 8th character. And so passwords longer than <strike>8</strike> 16 characters weren't useful.
Now that Bugzilla uses SHA-256 to store passwords instead of crypt(), see bug 211006, it makes sense to accept passwords longer than 16 characters. AFAIK, there is technically no reason to restrict the max length as SHA-256 takes the whole password into account, and so this constant can go away as soon as bug 211006 is checked in.
|
Assignee | |
Comment 1•16 years ago
|
||
|
|
Assignee | |
Updated•16 years ago
|
Target Milestone: --- → Bugzilla 3.6
|
||
Updated•16 years ago
|
Attachment #392918 -
Flags: review?(dkl) → review+
|
|
||
Comment 2•16 years ago
|
||
Comment on attachment 392918 [details] [diff] [review]
patch, v1
As this is mostly removal of code then the coding style looks good to me ;) Also it works as expected as accepts really long passwords properly.
r=dkl
|
|
Assignee | |
Updated•16 years ago
|
Flags: approval+
|
|
Assignee | |
Comment 3•16 years ago
|
||
Checking in Bugzilla/Constants.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Constants.pm,v <-- Constants.pm
new revision: 1.114; previous revision: 1.113
done
Checking in Bugzilla/User.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/User.pm,v <-- User.pm
new revision: 1.191; previous revision: 1.190
done
Checking in Bugzilla/WebService/Constants.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/WebService/Constants.pm,v <-- Constants.pm
new revision: 1.27; previous revision: 1.26
done
Checking in template/en/default/global/user-error.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/global/user-error.html.tmpl,v <-- user-error.html.tmpl
new revision: 1.284; previous revision: 1.283
done
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 4•16 years ago
|
||
We should relnote that passwords can now be longer than 16 characters
Keywords: relnote
|
|
||
Comment 5•16 years ago
|
||
You forgot to remove the POD from Bugzilla::WebService::User that references the 503 error. (You should also update the History for the appropriate method, noting that it used to throw 503, Password Too Long before Bugzilla 3.6.)
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
||
Comment 6•16 years ago
|
||
Also, please leave a comment in Bugzilla::WebService::Constants about what the 503 error was. There is a note about this in Bugzilla::WebService::Constants itself.
|
|
Assignee | |
Comment 7•16 years ago
|
||
Attachment #393459 -
Flags: review?(dkl)
|
|
||
Comment 8•16 years ago
|
||
Comment on attachment 393459 [details] [diff] [review]
fix POD, v1
Looks good. r=dkl
Attachment #393459 -
Flags: review?(dkl) → review+
|
|
Assignee | |
Comment 9•16 years ago
|
||
Checking in Bugzilla/WebService/Constants.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/WebService/Constants.pm,v <-- Constants.pm
new revision: 1.28; previous revision: 1.27
done
Checking in Bugzilla/WebService/User.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/WebService/User.pm,v <-- User.pm
new revision: 1.15; previous revision: 1.14
done
Status: REOPENED → RESOLVED
Closed: 16 years ago → 16 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•