[Tickets #11387] Re: horde_alarms tries always to login as first admin user but with an empty password

noreply at bugs.horde.org noreply at bugs.horde.org
Tue Feb 18 21:25:11 UTC 2014


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/11387
------------------------------------------------------------------------------
  Ticket             | 11387
  Updated By         | Michael Slusarz <slusarz at horde.org>
  Summary            | horde_alarms tries always to login as first admin user
                     | but with an empty password
  Queue              | Horde Base
-Version            | 4.0.15
+Version            | Git master
  Type               | Bug
  State              | Feedback
  Priority           | 2. Medium
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


Michael Slusarz <slusarz at horde.org> (2014-02-18 14:25) wrote:

> We could allow empty passwords in the general-purpose IMAP library  
> and catch those earlier inside Horde-specific code, but even in  
> Horde it might be allowed to login with an empty password, at least  
> via the API.

We can't/won't allow blank passwords/authentication within  
Horde_Imap_Client since this is mandatory (for both POP3 and IMAP).   
Not to mention that it's still going to cause an error because  
authentication will fail.

This needs to be solved in the calling code.  I don't know enough  
about the uses of transparent auth to make any changes in IMP's  
transparent code, but it seems like we could check for an empty  
password there and prevent an attempt at creating an IMAP object.  Not  
sure if it fixes the issue with this ticket, but will remove at least  
one warning message.





More information about the bugs mailing list