Gossamer Forum
Home : Products : DBMan : Discussions :

Password problem

Quote Reply
Password problem
DBMan recognizes only first 8 digits of password. For example: set up 11 digits of password call '12345678901'. And then enter only first 8 digits of the password '12345678', you can get in the system.
I tried in DBMen Demo site too.
Any suggestion?

Quote Reply
Re: Password problem In reply to
Oh my gosh! You're right! Shocked

What a weird bug... I added a test user with a password of "thisisalongpassword", then tried logging in with variations. Among other things, I got in with:

"thisisalong"
"thisisal"
"thisisalongpasswordsothere"

I also tried with a password of "thishas8" (eight characters long). Still I could get in with password like "thishas8characters", etc... So I guess 7 characters is the "safe zone"


In Reply To:
Any suggestion?
Yes, 2:

1) Use 7 character passwords (for now)
2) Report the bug to Alex

I couldn't tell you why it's happening, but it's definately a problem.

- Mark

Astro-Boy!!
http://www.zip.com.au/~astroboy/
Quote Reply
Re: Password problem In reply to
I've been looking into the problem, and apparantly it affects more than just DBMan. The crypt function in Perl and Unix/Linux has only ever looked at the first 8 characters.

If you have access to a Unix/Linux system, try changing your password to 9+ characters, then logging in with only the first 8.

So in retrospect, I'm not entirely sure how the problem could be resolved. I guess the best thing to do is to try and only use 8 character passwords.

- Mark


Astro-Boy!!
http://www.zip.com.au/~astroboy/