Bug 681632 - User can paste multibyte characters in as a password, but cannot actually type them.
User can paste multibyte characters in as a password, but cannot actually typ...
Status: CLOSED WONTFIX
Product: RHQ Project
Classification: Other
Component: Core UI (Show other bugs)
4.0.0.B02
Unspecified Unspecified
low Severity low (vote)
: ---
: ---
Assigned To: Charles Crouch
Mike Foley
:
Depends On:
Blocks: gwt-admin-usersroles
  Show dependency treegraph
 
Reported: 2011-03-02 14:14 EST by Corey Welton
Modified: 2015-02-01 18:26 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-02-26 17:27:03 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Corey Welton 2011-03-02 14:14:39 EST
Description of problem:

This is a bit of a nitpick.
If one tries to edit a user password and enter multibyte characters, s/he cannot.  However, they can be pasted into the box.  (Likewise, on the login screen, user cannot enter them but they can be pasted in)

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.  Administration > Users > $user
2.  In the Password field, using an IME, attempt to enter the characters "一二三一二三"  note that you probably cannot enter these -- you see a dot entered for each character you've typed, instead.
3.  Attempt to paste in the same string to password/verify password fields.
4.  Attempt to login as said user, using the methods listed in steps 2 and 3 above.
  
Actual results:
User cannot use IME to enter multibyte chars into password fields.  They can, however, paste said characters

Expected results:
I'm really not sure we necessarily want/need to allow them to enter such characters - but if we decide to block it, we should parse password strings prior to submittal to disallow such characters as well.

Additional info:

This very well could be a limitation of the toolkit, browser, or even the IME on the system (Fedora in this case).  And I am fine with disallowing multibyte characters as passwords.  But if we do so, we should make sure they cannot be entered in myriad other ways.
Comment 1 Corey Welton 2011-03-02 14:15:53 EST
btw if you want to try this on fedora, assure ibus-daemon is installed and you have the Mandarin pinyin pack installed.  To enter the characters, enable the IME and start typing, "yi er san yi er san".  It should probably figure out what you're trying to do.
Comment 2 Ian Springer 2011-03-09 16:28:29 EST
Charles, do we want to allow multi-byte characters in passwords?

Note You need to log in before you can comment on or make changes to this bug.