[sork] string length

Eric Rostetter eric.rostetter@physics.utexas.edu
Tue, 2 Jul 2002 08:23:10 -0500


Quoting René Jensen <lundeman@tbkol.dk>:

> For me this sounds like a good idea, although it would require some
> additional comments in the conf.php file.

Yes, we could set a min/max length in the conf.php file.  We would need
to decide on reasonable defaults in case they are not set (even if the
default is no check at all).  This raises questions like should we let
the user set their password to a null (empty) password, etc.  Normally
these are more site-specific policy decisions, but an argument could be
made that we should try to protect people from themselves also...

> The system I use does not have max passwd length set.
> (but we actually have min passwd length.)
> And I definitely see that the information could be useful.

It really doesn't matter if your system has max/min length, only if you want
the module to have min/max lengths...

> I don't know how this would be implemented in the LDAP part of the passwd
> module, (if LDAP even cares..). But I will try to come up with a patch for the
> smbpasswd, and poppasswd parts later today.

It should not be implemented per class, but rather in main.php once for all
classes.  That way there is just one check that applies to everything, and
everything is consistent.

If you check the todo list, this is actually in there, at least for min
length...  At the same time, we could add other checks like username==password,
password==realname, etc.  See the todo for some thoughts about this.

Normally, this kind of thing is best left to the system.  However, we've
found that some poppassd servers check (via pam, etc) and others don't.
So I'm open to the idea (as an option).

-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin

"TAD (Technology Attachment Disorder) is an unshakable, impractical devotion
to a brand, platform, product line, or programming language. It's relatively
harmless among the rank and file, but when management is afflicted the damage
can be measured in dollars. It's also contagious -- someone with sufficient
political clout can infect an entire organization."

--"Enterprise Strategies" columnist Tom Yager.
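
Added example, not part of the original message and not code from the passwd module: one way the single, backend-independent check discussed above could look, covering min/max length with "no check" defaults, the empty password, and the username==password and password==realname checks. The function name, the $policy keys and the sample values are hypothetical.

```php
<?php
// Added illustration, not code from the passwd module; all names are hypothetical.

/**
 * Backend-independent policy check, run once before the new password is
 * handed to any driver. Returns a list of violations; empty means accept.
 */
function check_password_policy(string $new, string $user, string $realname, array $policy): array
{
    // Defaults for anything the site left unset: 0 means "no length check".
    $policy += [
        'min_length'      => 0,
        'max_length'      => 0,
        'allow_empty'     => false,
        'forbid_username' => true,
        'forbid_realname' => true,
    ];

    // The empty password is its own policy decision, independent of min_length.
    if ($new === '') {
        return $policy['allow_empty'] ? [] : ['empty password not allowed'];
    }

    $errors = [];
    $len = strlen($new); // counts bytes, not characters

    if ($policy['min_length'] > 0 && $len < $policy['min_length']) {
        $errors[] = "shorter than {$policy['min_length']} bytes";
    }
    if ($policy['max_length'] > 0 && $len > $policy['max_length']) {
        $errors[] = "longer than {$policy['max_length']} bytes";
    }
    if ($policy['forbid_username'] && strcasecmp($new, $user) === 0) {
        $errors[] = 'password equals username';
    }
    if ($policy['forbid_realname'] && $realname !== '' && strcasecmp($new, $realname) === 0) {
        $errors[] = 'password equals real name';
    }
    return $errors;
}

// Constructed sample input: site policy sets only the length limits.
$policy = ['min_length' => 8, 'max_length' => 64];
$samples = ['', 'short', 'JaneDoe1', 'jane doe', 'correct horse battery'];
foreach ($samples as $candidate) {
    $errors = check_password_policy($candidate, 'janedoe1', 'Jane Doe', $policy);
    printf("%-24s %s\n", "'$candidate'", $errors ? implode('; ', $errors) : 'ok');
}
```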