HomePhabricator

SECURITY: Set maximal password length for DoS

Description

SECURITY: Set maximal password length for DoS

Prevent DoS attacks caused by the amount of time
it takes to hash long passwords by setting a limit
on password length.

Slightly restructures the behavior of User::checkPasswordValidity
in order to accommodate for the difference between
passwords the user should be able to log in with and
passwords they should not.

Bug: T64685
Change-Id: I24f33474c6f934fb8d94bb054dc23093abfebd5e

Details

Provenance
Parent5446Authored on
csteippCommitted on Mar 30 2015, 8:33 PM
Parents
rMW2759460fcedd: SECURITY: Fix animate blacklist
Branches
Unknown
Tags
Unknown
ChangeId
I24f33474c6f934fb8d94bb054dc23093abfebd5e