commit 94a2053cd05cabee2e4233ef33e1f116201d9368
Author: Li Ma <email address hidden>
Date: Fri Feb 28 18:54:35 2014 -0800
Password trunction makes password insecure
The trunc_password function attempts to correct and truncate
password. It is not recommended to 'fix' invalid input and
continue on processing and logging it. Instead, strict check
is introduced to validate password. If a password exceeds the
maximum length, an HTTP 403 Forbidden error is thrown.
In order to keep compatibility, an option 'strict_password_check'
is also introduced to let operator decide which method to use.
Reviewed: https:/ /review. openstack. org/77325 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=94a2053cd05 cabee2e4233ef33 e1f116201d9368
Committed: https:/
Submitter: Jenkins
Branch: master
commit 94a2053cd05cabe e2e4233ef33e1f1 16201d9368
Author: Li Ma <email address hidden>
Date: Fri Feb 28 18:54:35 2014 -0800
Password trunction makes password insecure
The trunc_password function attempts to correct and truncate
password. It is not recommended to 'fix' invalid input and
continue on processing and logging it. Instead, strict check
is introduced to validate password. If a password exceeds the
maximum length, an HTTP 403 Forbidden error is thrown.
In order to keep compatibility, an option 'strict_ password_ check'
is also introduced to let operator decide which method to use.
DocImpact 5412af59a059de5 a98bad2925e
Change-Id: I560daa843b94a0
Closes-Bug: #1175904