Non-ASCII characters in Password

Discussions and requests related to new CMSimple features, plugins, templates etc. and how to develop.
Please don't ask for support at this forums!
cmb
Posts: 11675
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

Non-ASCII characters in Password

Postby cmb » Mon Mar 10, 2014 12:44 pm

Hello Community,

there might be issues regarding non ASCII characters in the password due to different possible Unicode representations of the same "glyph". Actually this issue affects other functionality as well (e.g. the search function), but for passwords it might be a particular problem. Consider the letter ü, which can be represented as U+00FC and as U+0075,U+0308 (and probably there are more alternatives). AFAIK there are no "rules" for browsers on how to handle Unicode in this regard.

The clean solution would be applying Unicode normalization, but that is only available through PHP's intl extension, which is not supposed to be installed "everywhere".

As a workaround we may recommend to use only ASCII characters for the password (and perhaps enforce that with a check when the password is changed).

Christoph
Christoph M. Becker –Plugins for CMSimple_XH, but not for CMSimple 4+

Holger
Site Admin
Posts: 2619
Joined: Mon May 19, 2008 7:10 pm
Location: Hessen, Germany
Contact:

Re: Non-ASCII characters in Password

Postby Holger » Thu Mar 13, 2014 12:18 pm

cmb wrote:As a workaround we may recommend to use only ASCII characters for the password (and perhaps enforce that with a check when the password is changed).

I agree. it seems ther is no other option at the moment.

cmb
Posts: 11675
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

Re: Non-ASCII characters in Password

Postby cmb » Thu Mar 13, 2014 1:39 pm

I've put "Prohibit non-ASCII characters in Password" on the 1.6.2 roadmap. There's probably no need to vote on the documentation only, which I have added in the Wiki (the German translation is pending).
Christoph M. Becker –Plugins for CMSimple_XH, but not for CMSimple 4+

cmb
Posts: 11675
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

Re: Non-ASCII characters in Password

Postby cmb » Sun May 11, 2014 11:15 pm

cmb wrote:I've put "Prohibit non-ASCII characters in Password" on the 1.6.2 roadmap.

I've implemented a respective check for password changes (r1280).
Christoph M. Becker –Plugins for CMSimple_XH, but not for CMSimple 4+


Return to “Open Development”

Who is online

Users browsing this forum: No registered users and 2 guests