[opencms-dev] Allowed chars for passwords?

Pannetier Alain Alain.m.Pannetier at atosorigin.com
Thu Jun 9 13:04:44 CEST 2005 

Hi Anatol, 

I got that problem as well and ran OpenCms under debug to understand
what was going on. 

Basically, when you send "ab+cd" from the preferences what you actually
send is "ab cd" because + is interpreted as a CGI placeholder for a
white space.  

Later when you log in you send "ab+cd" but what's encoded in the db is
the digest for "ab cd".  So you're thrown out... 

When you log in with 6.0 rc1 and you've got your password wrong you
apparently fall into a null pointer exception in method :

org.opencms.db.CmsUserSettings#init() 

at line 473 because there are no preferences for a user who failed to
log in. 

I guess that's a kind of bug worth reporting but I have just downloaded
OpenCms yesterday for the first time and subscribed this list when I ran
into trouble.  Surely some OpenCms guru can use this.

For now, I'll keep away from "+" (may be should send "ab%20cd" ;-) 

Regards, 

Alain Pannetier. 

-----Original Message----- 
From: Anatol [ mailto:opencms at recordcaster.de
<mailto:opencms at recordcaster.de> ] 
Sent: 09 June 2005 10:59 
To: opencms-dev at opencms.org 
Subject: Re: [opencms-dev] Allowed chars for passwords? 

A little addendum: 

For a "normal" user a "+" char in the password is noproblem, but only 
for ADMINs! 
Is this intended? 

Greetings 
Anatol 

Anatol schrieb: 

> Hi All! 
> 
> Could it be, that some chars are not allowed for using in passwords? I

> changed my password in opencms and one char was an "+". After relogin,

> I got an error (Tomcat: nullpointer exception if I remember it right) 
> :-( Good to have an Admin-User ;-) I tested it again and again: If I 
> used a password without a "+" char, the login was correct, but if I 
> used a "+" i got the error. 
> Are some chars not for use in passwords or is it a bug? 
> 
> Greetings 
> Anatol 
> 
> 
> _______________________________________________ 
> This mail is send to you from the opencms-dev mailing list 
> To change your list options, or to unsubscribe from the list, please 
> visit 
> http://mail.opencms.org/mailman/listinfo/opencms-dev
<http://mail.opencms.org/mailman/listinfo/opencms-dev>  
> 
> 



_______________________________________________ 
This mail is send to you from the opencms-dev mailing list 
To change your list options, or to unsubscribe from the list, please
visit 
http://mail.opencms.org/mailman/listinfo/opencms-dev
<http://mail.opencms.org/mailman/listinfo/opencms-dev>  

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20050609/e7e26e35/attachment.htm>

More information about the opencms-dev mailing list