Red Hat Bugzilla – Bug 681632
User can paste multibyte characters in as a password, but cannot actually type them.
Last modified: 2015-02-01 18:26:52 EST
Description of problem:
This is a bit of a nitpick.
If one tries to edit a user password and enter multibyte characters, s/he cannot. However, they can be pasted into the box. (Likewise, on the login screen, user cannot enter them but they can be pasted in)
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Administration > Users > $user
2. In the Password field, using an IME, attempt to enter the characters "一二三一二三" note that you probably cannot enter these -- you see a dot entered for each character you've typed, instead.
3. Attempt to paste in the same string to password/verify password fields.
4. Attempt to login as said user, using the methods listed in steps 2 and 3 above.
User cannot use IME to enter multibyte chars into password fields. They can, however, paste said characters
I'm really not sure we necessarily want/need to allow them to enter such characters - but if we decide to block it, we should parse password strings prior to submittal to disallow such characters as well.
This very well could be a limitation of the toolkit, browser, or even the IME on the system (Fedora in this case). And I am fine with disallowing multibyte characters as passwords. But if we do so, we should make sure they cannot be entered in myriad other ways.
btw if you want to try this on fedora, assure ibus-daemon is installed and you have the Mandarin pinyin pack installed. To enter the characters, enable the IME and start typing, "yi er san yi er san". It should probably figure out what you're trying to do.
Charles, do we want to allow multi-byte characters in passwords?