[ 
https://issues.apache.org/jira/browse/ROL-1959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13618335#comment-13618335
 ] 

Glen Mazza commented on ROL-1959:
---------------------------------

No, copying and pasting passwords is never a good idea (for one, it 
defeats the purpose of the separate validation field, which is to make sure the 
user entered in the correct password), nor are 50+ character passwords 
acceptable, as it's a given you're going to need to write down that string and 
save it someplace as there's no way you can remember that from memory (as I had 
just told you earlier.)  Furthermore, passwords are supposed to be easy for a 
person to remember (so he doesn't have to write it down), but hard for anyone 
else to guess--autogenerated passwords don't do that, and they also run the 
risk (if the generator is no good), of repeatedly giving out the same 
passwords, creating a huge security hole.

Throughout all my years in DOD security work I've never remotely heard of 
people using 51-character (or any length, for that matter) password generators 
for their own password.

Having HTML fields space-limited is a perfectly acceptable HTML design used all 
over the place.  For ZIP code, for example, there's nothing wrong with limiting 
the entry field to 5 characters rather than to allow you to type 50 and then 
have to hardcode a validation error of "ZIP code too long" and have to 
translate it into 15 languages.  (You really don't think there's more useful 
use of developer time?)  Can you please provide some documentation that 
limiting field lengths in HTML is a bad practice, instead of just typing bugs 
based on your personal belief that HTML fields should not have limited length?  
We have to change Roller code just because you're in disagreement with 98% of 
the HTML community?

I can't solve your problem, Noah.  Even if I allowed 60 character passwords, 
there's nothing preventing you from turning around and complaining about an 80 
character password not working.  Nor are we going to shut off length 
limitations in our HTML fields and switch to validation text. Any 
auto-generator of passwords that uses more than 20 characters, as in the 51 
your password generator supposedly uses, must have a mathematically innumerate 
developer because with 20 ASCII characters the number of possible permutations 
moves well, well into the stratosphere already.  Indeed, given that your 
original bug report was titled "Complex passwords don't work", when the issue 
merely is that we don't accept passwords greater than 20 characters, makes it 
clear you're trolling and deliberately smearing the Roller project.  There's no 
way you could have missed the fact that those 51 characters were getting 
truncated to 20 when you were pasting them into the field, and you just caused 
me to waste a bunch of time re-confirming that non-alphanumeric characters work 
for passwords.
                
> Enhance Roller to support Infinite Length passwords
> ---------------------------------------------------
>
>                 Key: ROL-1959
>                 URL: https://issues.apache.org/jira/browse/ROL-1959
>             Project: Roller
>          Issue Type: Improvement
>            Reporter: Noah Slater
>            Assignee: Roller Unassigned
>
> Sorry for the vague ticket title. I don't want to make presumptions about the 
> issue.
> Steps to reproduce:
> 1. Log in
> 2. Set your password to something long and complex like: 
> xaQ}W,3tg4.VkAy4b398C9cRu8gE$vm{%f}V;L96bJyWf}#ELa
> 3. Log out
> 4. Try to log back in again
> What I see:
> I am unable to log in.
> What I expect to see:
> I am able to log in.
