Comment 8 for bug 1175906

Brant Knudson (blk-u) wrote : Re: passlib long password DoS

I prefer truncating. As long as it's not truncating to some really short value (I'd draw the line at 30 characters). After reading a discussion on stackforge it seems like the correct approach to me.

In order to exploit it, wouldn't you have to create users with long passwords, or allow some miscreant to set their password to a long value? At least you'd know who it is.