Red Hat Bugzilla – Full Text Bug Listing
|Summary:||User can paste multibyte characters in as a password, but cannot actually type them.|
|Product:||[Other] RHQ Project||Reporter:||Corey Welton <cwelton>|
|Component:||Core UI||Assignee:||Charles Crouch <ccrouch>|
|Status:||CLOSED WONTFIX||QA Contact:||Mike Foley <mfoley>|
|Version:||4.0.0.B02||CC:||hbrock, ian.springer, jshaughn|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2013-02-26 17:27:03 EST||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
Description Corey Welton 2011-03-02 14:14:39 EST
Description of problem: This is a bit of a nitpick. If one tries to edit a user password and enter multibyte characters, s/he cannot. However, they can be pasted into the box. (Likewise, on the login screen, user cannot enter them but they can be pasted in) Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. Administration > Users > $user 2. In the Password field, using an IME, attempt to enter the characters "一二三一二三" note that you probably cannot enter these -- you see a dot entered for each character you've typed, instead. 3. Attempt to paste in the same string to password/verify password fields. 4. Attempt to login as said user, using the methods listed in steps 2 and 3 above. Actual results: User cannot use IME to enter multibyte chars into password fields. They can, however, paste said characters Expected results: I'm really not sure we necessarily want/need to allow them to enter such characters - but if we decide to block it, we should parse password strings prior to submittal to disallow such characters as well. Additional info: This very well could be a limitation of the toolkit, browser, or even the IME on the system (Fedora in this case). And I am fine with disallowing multibyte characters as passwords. But if we do so, we should make sure they cannot be entered in myriad other ways.
Comment 1 Corey Welton 2011-03-02 14:15:53 EST
btw if you want to try this on fedora, assure ibus-daemon is installed and you have the Mandarin pinyin pack installed. To enter the characters, enable the IME and start typing, "yi er san yi er san". It should probably figure out what you're trying to do.
Comment 2 Ian Springer 2011-03-09 16:28:29 EST
Charles, do we want to allow multi-byte characters in passwords?