[DragonFlyBSD - Bug #2316] Ungraceful invalid password handling for adding a new user in the installer

Alex Hornung via Redmine bugtracker-admin at leaf.dragonflybsd.org
Fri Apr 27 23:23:07 PDT 2012


Issue #2316 has been updated by Alex Hornung.


There is a good reason to disallow those characters that has been discussed a million times - it's a practical reason which boils down to how the installer calls the underlying tools to set it up. Anyone can change the passwords easily enough after installing.
----------------------------------------
Bug #2316: Ungraceful invalid password handling for adding a new user in the installer
http://bugs.dragonflybsd.org/issues/2316

Author: Mark Towler
Status: New
Priority: Normal
Assignee: 
Category: 
Target version: 


Problem:

I tried adding a new user in the configuration portion of the installer, and was warned that the password couldn't contain the following characters :;,`~!@#$%^&*()+={}[]\|/?<>'"

Then, when I tried adding the user again, but with no password, I was told there was an error: error 65

Looking through the log showed that the user already existed, so that's why I was getting the error 65.

Suggestions:

When an invalid password is entered, the handling of errors should be made more graceful.  Instead of giving an error number, a human-readable error message should be generated.  Also, password validity checks should be done before an attempt to create the user is made, not afterwards.  If the password is invalid, no attempt to create a user should be allowed at all.

Furthermore, there doesn't seem to be any good reason to restrict the passwords from containing all those special characters.  If anything, they should be encouraged, as they make passwords more secure.


-- 
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account





More information about the Bugs mailing list