[sork] password string length

Eric Rostetter eric.rostetter@physics.utexas.edu
Tue, 9 Jul 2002 20:11:46 -0500


Quoting Erik Slooff <erik@slooff.com>:

> I was wondering if it's a good idea to have 2 variables defined per server in 
> passwd/config/conf.php for password length control. Eg. min_password_length
> and max_password_length added to the $conf['server']['......'] arrays.

Still not warm on the idea of having seperate size restrictions per server.
Leaving it as a global size limit for all servers for the time being. Have
not heard any complaints about that, so I assume everyone else is happy with
that arrangement.

> To prevent this you could show a message in the password change screen that 
> shows what the min and max length should be (and maybe even adjust the field 
> length in the form?).

The forms are now adjusted to the maxlength if it is present, so the user
can not enter more than maxlength characters in the form.  Any additional
message(s) would probably be overkill, so I didn't add any. In CVS HEAD only
for now.

-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin

"TAD (Technology Attachment Disorder) is an unshakable, impractical devotion
to a brand, platform, product line, or programming language. It's relatively
harmless among the rank and file, but when management is afflicted the damage
can be measured in dollars. It's also contagious -- someone with sufficient
political clout can infect an entire organization."

--"Enterprise Strategies" columnist Tom Yager.