[
https://issues.apache.org/jira/browse/ROL-1959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13618123#comment-13618123
]
Glen Mazza commented on ROL-1959:
---------------------------------
What is the precise shortcoming for you-- (a) Roller passwords aren't long
enough for your liking or (b) there are specific special characters you would
like to see supported that Roller doesn't presently allow, or (c) Roller isn't
providing sufficient validation at the time of password entry allowing you to
enter invalid passwords that it subsequently doesn't accept?
For Roller to be able to handle passwords of infinite length is a Won't Fix
(fails cost/benefit considering the database and other changes that would
entail), because after 15 or so alphanumeric characters you're not effectively
providing any more security, especially since past that length people start to
copy and paste passwords (or choose exceedingly easy to remember ones),
creating the much larger security hole in the process. But it looks like we
can provide better password validation including length limitations for newly
entered passwords ('c' above).
> Complex passwords don't work
> ----------------------------
>
> Key: ROL-1959
> URL: https://issues.apache.org/jira/browse/ROL-1959
> Project: Roller
> Issue Type: Bug
> Reporter: Noah Slater
> Assignee: Roller Unassigned
>
> Sorry for the vague ticket title. I don't want to make presumptions about the
> issue.
> Steps to reproduce:
> 1. Log in
> 2. Set your password to something long and complex like:
> xaQ}W,3tg4.VkAy4b398C9cRu8gE$vm{%f}V;L96bJyWf}#ELa
> 3. Log out
> 4. Try to log back in again
> What I see:
> I am unable to log in.
> What I expect to see:
> I am able to log in.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
