I noticed in run_notebook.py that when the notebook is run with
reset=True, there is a check against min_password_length from
sagenb.misc.misc to make sure the password is long enough.  If it is
shorter than the minimum, sage prints "That password is way too short.
Enter a password with at least 6 characters."

However, min_password_length is 1.  Thus, the check is only preventing
non-blank passwords.  Is this the desired behavior?

It seems inconsistent to me to prompt for a 6 character password when
we will accept any non-blank password.  A 6-character password on an
administrative account does not seem unreasonable to me.  IMHO for a
piece of software that effectively gives shell access to a server,
applying a min_password_length of 6 (which really isn't that secure)
would be reasonable.  Though if nothing is enforcing the length, it
doesn't seem right to me to tell users to enter one of at least a
certain length.

I poked around the users.py and notebook.py and did some grep'ing and
didn't find anywhere else min_password_length is used.  Changing
min_password_length to 6 would seem to only force the admin password
to be 6 characters, without affecting other users and passwords
already set.  I haven't thoroughly looked into it yet, but to affect
all users would probably be quite a bit more complicated.  The output
message for other users is probably desired in the web browser, rather
than the shell, and currently the web browser doesn't even give a
message when setting a blank password (silently fails) so I'm guessing
there is not an easy way to do this already in place.

Any thoughts?
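
Added example, not part of the original post and not sagenb's own code: one way to keep the prompt text and the enforced minimum from drifting apart is to build the message from the same constant the check uses. The names `MIN_PASSWORD_LENGTH`, `password_problem` and `prompt_admin_password` are hypothetical, and the value 6 is assumed from the message quoted in the post.

```python
# Illustrative sketch only; these names are hypothetical, not sagenb's API.
MIN_PASSWORD_LENGTH = 6  # assumed policy value, taken from the quoted prompt


def password_problem(password, min_length=MIN_PASSWORD_LENGTH):
    """Return None if the password is acceptable, else the message to show.

    The message is formatted from min_length, so the number shown to the
    user is always the number that is actually enforced.
    """
    if len(password) < min_length:
        return ("That password is way too short. Enter a password with "
                "at least %d characters." % min_length)
    return None


def prompt_admin_password(read_password, write, max_attempts=3):
    """Ask for a new password until one passes the check and is confirmed.

    read_password and write are injected (getpass.getpass and print in
    interactive use) so the same check can serve a shell prompt or a web
    form, and can be exercised without a terminal.
    """
    for _ in range(max_attempts):
        first = read_password("Enter new password: ")
        problem = password_problem(first)
        if problem is not None:
            write(problem)
            continue
        if read_password("Retype new password: ") != first:
            write("Sorry, passwords do not match.")
            continue
        return first
    raise ValueError("no acceptable password after %d attempts" % max_attempts)


if __name__ == "__main__":
    # Constructed inputs: one too-short attempt, then a confirmed password.
    answers = iter(["abc", "longenough", "longenough"])
    chosen = prompt_admin_password(lambda prompt: next(answers), print)
    print("accepted a password of length %d" % len(chosen))
```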
