[Tickets #11387] Re: horde_alarms tries always to login as first admin user but with an empty password
noreply at bugs.horde.org
noreply at bugs.horde.org
Tue Feb 18 21:25:11 UTC 2014
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/11387
------------------------------------------------------------------------------
Ticket | 11387
Updated By | Michael Slusarz <slusarz at horde.org>
Summary | horde_alarms tries always to login as first admin user
| but with an empty password
Queue | Horde Base
-Version | 4.0.15
+Version | Git master
Type | Bug
State | Feedback
Priority | 2. Medium
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
Michael Slusarz <slusarz at horde.org> (2014-02-18 14:25) wrote:
> We could allow empty passwords in the general-purpose IMAP library
> and catch those earlier inside Horde-specific code, but even in
> Horde it might be allowed to login with an empty password, at least
> via the API.
We can't/won't allow blank passwords/authentication within
Horde_Imap_Client since this is mandatory (for both POP3 and IMAP).
Not to mention that it's still going to cause an error because
authentication will fail.
This needs to be solved in the calling code. I don't know enough
about the uses of transparent auth to make any changes in IMP's
transparent code, but it seems like we could check for an empty
password there and prevent an attempt at creating an IMAP object. Not
sure if it fixes the issue with this ticket, but will remove at least
one warning message.
More information about the bugs
mailing list