FS#77549 - bugs.archlinux.org Registration: Maximum password length unknown but oversized passwords accepted

Attached to Project: Arch Linux
Opened by Christian Buhtz (buhtz) - Friday, 17 February 2023, 06:56 GMT
Last edited by Toolybird (Toolybird) - Monday, 20 February 2023, 04:23 GMT
Task Type Feature Request
Category Web Sites
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Hello,
I just registered an account on bugs.archlinux.org.

The problem with the bugtracker frontend while the registration process is

1. It accepts oversized (to long) passwords without reporting this as an error.

2. The registration process doesn't inform about the maximum accepted length of a password. It just reports the minimum with 5. The latter is IMHO to minimum by the way.

Excepted behavior:
Mention all existing password restrictions including maximum password length in the registration form.
Do give an error if the password is to long.

Don't just set the maximum chars field of the HTML forms field. This would result in the behavior that the string a user put in there is cutted without informing the user.
This task depends upon

Closed by  Toolybird (Toolybird)
Monday, 20 February 2023, 04:23 GMT
Reason for closing:  Duplicate
Additional comments about closing:   FS#39816 
Comment by Toolybird (Toolybird) - Monday, 20 February 2023, 04:23 GMT
See  FS#72896  for example "flyspray is sadly unmaintained so nothing we can fix."

I think the long term plan is to migrate bug reporting to Arch's GitLab instance. (as an aside: I personally think that will place too high a barrier to entry, with SSO requirements etc. I know of no other open source project with such requirements just to report a bug).

Despite its warts, flyspray still does a reasonable job.

This password length issue has come up before in  FS#39816 . But unfortunately I don't think we can fix it.

Loading...