Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-14465

Remove maximum password length setting

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Unverified Fix (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.7-pl1, 3.2.0-b1
    • Fix Version/s: 3.3.0-b1
    • Component/s: None
    • Labels:
      None

      Description

      There is no point in having this setting, since there is no point in having a maximum password length.
      It will just lower security for users if admins that don't know or don't care about this setting just let them as they are when the board is installed.

      The few cases where way too long passwords can cause a DoS are catched with a hardcoded maximum length of 4096 which should be more than enough for everyone.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Marc Marc
              Reporter:
              Elsensee Oliver Schramm
              Votes:
              4 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: