Opened 7 years ago
Last modified 7 years ago
#28881 closed Cleanup/optimization
Common password validator does not handle case correctly — at Version 2
| Reported by: | Nick Farrell | Owned by: | nobody |
|---|---|---|---|
| Component: | Documentation | Version: | 2.0 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Ready for checkin | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
The CommonPasswordValidator holds a set of common passwords in memory, after strip()ing any whitespace.
While validating a password, it converts it to lowercase before comparing to the set. However, the reference set was not converted to lowercase.
This is not a problem when using the default set of common passwords, as they have been preprocessed to be lowercase. However, there is nothing in the documentation indicating this preprocessing should occur.
Change History (2)
comment:1 by , 7 years ago
| Description: | modified (diff) |
|---|
comment:2 by , 7 years ago
| Description: | modified (diff) |
|---|
Note:
See TracTickets
for help on using tickets.