[pmwiki-users] Fwd: Password question

The Editor editor at fast.st
Mon Jul 10 08:17:46 CDT 2006


I tried a bit of testing and created an account with the following
password:  "!#?|:"  thinking they would be some of the more likely
candidates for trouble.  The form that came back definitely gave me a
blank for the password field.

If it's not the newuser recipe, or the encryption process, could it be
possible there is some problem with session variables storing certain
characters?

Cheers,
Caveman



On 7/10/06, Dominique Faure <dominique.faure at gmail.com> wrote:
>
> The recipe doesn't make any attempt to change what the user filled
> (same as HtpasswdForm), nor does the _crypt function defined in
> scripts/authuser.php, so a blank password means only that the user
> provided nothing into the password field.

--snip--

> Anything that could be typed into a browser input field can be
> considered as a valid password (even nothing). It's up to you to
> define your own password enforcement policies and provide a way to
> plug them into your recipe.
>
> Regards,
> Dom
>




More information about the pmwiki-users mailing list