The limit of 16 characters for passwords appeared in v1.1 of editusers.cgi, with no explanation. Maybe it was related to the fact that the MySQL ENCRYPT() function, which was the first method to be used to encrypt passwords in Bugzilla, used the UNIX crypt() method, which itself ignores everything after the 8th character. And so passwords longer than <strike>8</strike> 16 characters weren't useful. Now that Bugzilla uses SHA-256 to store passwords instead of crypt(), see bug 211006, it makes sense to accept passwords longer than 16 characters. AFAIK, there is technically no reason to restrict the max length as SHA-256 takes the whole password into account, and so this constant can go away as soon as bug 211006 is checked in.
Created attachment 392918 [details] [diff] [review] patch, v1
Comment on attachment 392918 [details] [diff] [review] patch, v1 As this is mostly removal of code then the coding style looks good to me ;) Also it works as expected as accepts really long passwords properly. r=dkl
Checking in Bugzilla/Constants.pm; /cvsroot/mozilla/webtools/bugzilla/Bugzilla/Constants.pm,v <-- Constants.pm new revision: 1.114; previous revision: 1.113 done Checking in Bugzilla/User.pm; /cvsroot/mozilla/webtools/bugzilla/Bugzilla/User.pm,v <-- User.pm new revision: 1.191; previous revision: 1.190 done Checking in Bugzilla/WebService/Constants.pm; /cvsroot/mozilla/webtools/bugzilla/Bugzilla/WebService/Constants.pm,v <-- Constants.pm new revision: 1.27; previous revision: 1.26 done Checking in template/en/default/global/user-error.html.tmpl; /cvsroot/mozilla/webtools/bugzilla/template/en/default/global/user-error.html.tmpl,v <-- user-error.html.tmpl new revision: 1.284; previous revision: 1.283 done
We should relnote that passwords can now be longer than 16 characters
You forgot to remove the POD from Bugzilla::WebService::User that references the 503 error. (You should also update the History for the appropriate method, noting that it used to throw 503, Password Too Long before Bugzilla 3.6.)
Also, please leave a comment in Bugzilla::WebService::Constants about what the 503 error was. There is a note about this in Bugzilla::WebService::Constants itself.
Created attachment 393459 [details] [diff] [review] fix POD, v1
Comment on attachment 393459 [details] [diff] [review] fix POD, v1 Looks good. r=dkl
Checking in Bugzilla/WebService/Constants.pm; /cvsroot/mozilla/webtools/bugzilla/Bugzilla/WebService/Constants.pm,v <-- Constants.pm new revision: 1.28; previous revision: 1.27 done Checking in Bugzilla/WebService/User.pm; /cvsroot/mozilla/webtools/bugzilla/Bugzilla/WebService/User.pm,v <-- User.pm new revision: 1.15; previous revision: 1.14 done
Added to the release notes in bug 547466.