rhodecode-enterprise-ce Commit - r2192:a51e727d

security: limit the maximum password lenght to 72 characters to prevent possible...

ergo -

r2192:a51e727d stable

parent child

rhodecode/model/forms.py

0 +7 -6

                      password = v.UnicodeString(
                          strip=False,
                          min=3,
+                         max=72,
                          not_empty=True,
                          messages={
                              'empty': _(u'Please enter a password'),
                      if edit:
                          new_password = All(
                              v.ValidPassword(),
-                             v.UnicodeString(strip=False, min=6, not_empty=False)
+                             v.UnicodeString(strip=False, min=6, max=72, not_empty=False)
                          )
                          password_confirmation = All(
                              v.ValidPassword(),
-                             v.UnicodeString(strip=False, min=6, not_empty=False),
+                             v.UnicodeString(strip=False, min=6, max=72, not_empty=False),
                          )
                          admin = v.StringBoolean(if_missing=False)
                      else:
                          password = All(
                              v.ValidPassword(),
-                             v.UnicodeString(strip=False, min=6, not_empty=True)
+                             v.UnicodeString(strip=False, min=6, max=72, not_empty=True)
                          )
                          password_confirmation = All(
                              v.ValidPassword(),
-                             v.UnicodeString(strip=False, min=6, not_empty=False)
+                             v.UnicodeString(strip=False, min=6, max=72, not_empty=False)
                          )
                      password_change = v.StringBoolean(if_missing=False)
                      )
                      password = All(
                          v.ValidPassword(),
-                         v.UnicodeString(strip=False, min=6, not_empty=True)
+                         v.UnicodeString(strip=False, min=6, max=72, not_empty=True)
                      )
                      password_confirmation = All(
                          v.ValidPassword(),
-                         v.UnicodeString(strip=False, min=6, not_empty=True)
+                         v.UnicodeString(strip=False, min=6, max=72, not_empty=True)
                      )
                      active = v.StringBoolean(if_missing=False)
                      firstname = v.UnicodeString(strip=True, min=1, not_empty=False)

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages