https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18298 --- Comment #23 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to Jonathan Druart from comment #20)
I am in discussion with the sponsor about the special character. In any cases that will be dealt on another bug report. Well, I have quite a strong opinion on that one..
I saw several constructs like: my $minpw = C4::Context->preference('minPasswordLength'); $minpw = 3 if not $minpw or $minpw < 3; We could call a function in C4/Auth to get the password length and not check the pref everywhere. And increase 3 of course.
See the whole patch set, this is fixed in the last patch. OK Sorry, I didnt see.
"Now that we have a check client-side, nothing prevents us from a smart guy to bypass it and force an invalid password." And this is an issue. How do you want to resolve that one?
Hum? I added server-side checks everywhere. If so, the commit message is confusing.
-- You are receiving this mail because: You are watching all bug changes.