Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-9681

Password length not in security settings

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.0.7-PL1
    • Fix Version/s: 3.0.11-RC1
    • Component/s: ACP
    • Labels:
      None

      Description

      The "Password length" option is located under the "User registration settings" acp_board page. It is however not under the "Security settings" page. I suggest it be added to that page as well.

        Activity

        Show
        igorw Igor Wiedler [X] (Inactive) added a comment - Patch: http://github.com/evil3/phpbb3/compare/ticket/9681
        Hide
        A_Jelly_Doughnut A_Jelly_Doughnut added a comment -

        Hmm ... I'm not sure if this is a good thing to do or not. It seems people are confused in general by the same settings being in multiple ACP pages, adding another one of these isn't on my priority list.

        Show
        A_Jelly_Doughnut A_Jelly_Doughnut added a comment - Hmm ... I'm not sure if this is a good thing to do or not. It seems people are confused in general by the same settings being in multiple ACP pages, adding another one of these isn't on my priority list.
        Hide
        narqelion narqelion [X] (Inactive) added a comment - - edited

        Again, to quote Julia Roberts, "Big mistake. Big. Huge." Adding duplication of user toggled settings is the OPPOSITE of what you want to do. You (as in phpBB) actually committed to simplifying the ACP and getting rid of the redundancy and confusing ACP maze of menus. Not to mention it directly violates one of the ten general principles for user interface design. In fact 'Password complexity' should be removed as a field selection from the Security settings page as it is less related to security and more of a "best practice" guideline that would first be encountered during the registration process the same as password length. The reverse can be said for 'Maximum number of login attempts:' and 'Force password change:' as they have nothing to do with the registration process and everything to do with security.

        Show
        narqelion narqelion [X] (Inactive) added a comment - - edited Again, to quote Julia Roberts, "Big mistake. Big. Huge." Adding duplication of user toggled settings is the OPPOSITE of what you want to do. You (as in phpBB) actually committed to simplifying the ACP and getting rid of the redundancy and confusing ACP maze of menus. Not to mention it directly violates one of the ten general principles for user interface design. In fact 'Password complexity' should be removed as a field selection from the Security settings page as it is less related to security and more of a "best practice" guideline that would first be encountered during the registration process the same as password length. The reverse can be said for 'Maximum number of login attempts:' and 'Force password change:' as they have nothing to do with the registration process and everything to do with security.
        Hide
        igorw Igor Wiedler [X] (Inactive) added a comment -

        You're exaggerating

        Choosing a password is not limited to registration. As an administrator I don't want to go and have to look for something. If it's part of registration and also a security aspect (yes, I would in fact argue that it is), I personally do not see an issue with duplicating it, if it makes things more convenient.

        Show
        igorw Igor Wiedler [X] (Inactive) added a comment - You're exaggerating Choosing a password is not limited to registration. As an administrator I don't want to go and have to look for something. If it's part of registration and also a security aspect (yes, I would in fact argue that it is), I personally do not see an issue with duplicating it, if it makes things more convenient.
        Hide
        Oleg Oleg [X] (Inactive) added a comment -

        Patch URL is 404.

        Show
        Oleg Oleg [X] (Inactive) added a comment - Patch URL is 404.
        Hide
        Oleg Oleg [X] (Inactive) added a comment -

        Looking at the acp pages in question, I notice two things:

        1. The security page has other password-related fields (e.g. password complexity).

        2. There are other settings already duplicated between the two pages (e.g. password expiration).

        Show
        Oleg Oleg [X] (Inactive) added a comment - Looking at the acp pages in question, I notice two things: 1. The security page has other password-related fields (e.g. password complexity). 2. There are other settings already duplicated between the two pages (e.g. password expiration).
        Hide
        bantu Andreas Fischer added a comment -

        Although we decided we want to clean up the ACP instead of adding more redundant settings, I will merge this patch for consistency. A proper cleanup just has to preserve consistency.

        Show
        bantu Andreas Fischer added a comment - Although we decided we want to clean up the ACP instead of adding more redundant settings, I will merge this patch for consistency. A proper cleanup just has to preserve consistency.

          People

          • Assignee:
            Oleg Oleg [X] (Inactive)
            Reporter:
            igorw Igor Wiedler [X] (Inactive)
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development