Ansgar Burchardt wrote:
> Source: dtc
> Version: 0.30.10-1
> Severity: minor
> 
> Hi,
> 
> DTC only allows the use of alphanumeric characters in passwords.  It
> also limits passwords to a maximum length of 16 characters.  These
> limitations do prevent the use of strong passwords that include special
> characters like "!$.,;:".

Hi,

The control over the password function is made as follows:

function isDTCPassword($pass){
        $reg = "^([a-zA-Z0-9]){4,16}\$";
        if(!ereg($reg,$pass))   return false;
        else                    return true;
}

This should be a password that is MySQL safe, because no further testing
is made on it. E.g., no single quote or things like this that could
interfere with a MySQL query. If you mind providing a new regular
expression, I will commit the change.

I have changed the max password length to 255 chars:
http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=cc5890655ba3489c6b038105ad49984495844d75

This is scheduled to be released for the next stable version as well.

Thomas
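
Added example, not part of the original message and not DTC's code: one way to make the alphanumeric restriction unnecessary is to bind the password as a query parameter and store only a hash, so a length-only check is enough. The accounts table, the function names and the use of in-memory SQLite in place of MySQL are assumptions made so the script runs offline.

```php
<?php
// Hypothetical names throughout; SQLite in-memory stands in for MySQL.
// The PDO prepare/execute calls are the same with the mysql driver.

// Length-only policy (4..255 bytes). Control characters are refused,
// every printable character, including quotes, is allowed.
function isAcceptablePassword(string $pass): bool
{
    $len = strlen($pass);
    return $len >= 4 && $len <= 255 && !preg_match('/[\x00-\x1F\x7F]/', $pass);
}

function storePassword(PDO $db, string $login, string $pass): void
{
    // Only the hash is stored. Note: bcrypt, the current PASSWORD_DEFAULT,
    // uses only the first 72 bytes of its input.
    $hash = password_hash($pass, PASSWORD_DEFAULT);
    // Values are bound, never concatenated into the SQL text.
    $stmt = $db->prepare('INSERT INTO accounts (login, pass_hash) VALUES (:login, :hash)');
    $stmt->execute([':login' => $login, ':hash' => $hash]);
}

function checkPassword(PDO $db, string $login, string $pass): bool
{
    $stmt = $db->prepare('SELECT pass_hash FROM accounts WHERE login = :login');
    $stmt->execute([':login' => $login]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($pass, $hash);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (login TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');

// Constructed sample passwords, including the characters from the bug report.
$samples = ["abc", "Tr0ub4dor", "it's!\$.,;:\"quoted\"", "a' OR '1'='1"];
foreach ($samples as $i => $pass) {
    if (!isAcceptablePassword($pass)) {
        echo "rejected by policy: $pass\n";
        continue;
    }
    storePassword($db, "user$i", $pass);
    $ok  = checkPassword($db, "user$i", $pass);        // correct password
    $bad = checkPassword($db, "user$i", $pass . 'x');  // wrong password
    printf("%-22s stored, verify=%s, wrong=%s\n", $pass, var_export($ok, true), var_export($bad, true));
}
```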
