SECURITY: Set maximal password length for DoS
2c0c29224bb1
Actions

Description

SECURITY: Set maximal password length for DoS

Prevent DoS attacks caused by the amount of time
it takes to hash long passwords by setting a limit
on password length.

Slightly restructures the behavior of User::checkPasswordValidity
in order to accommodate for the difference between
passwords the user should be able to log in with and
passwords they should not.

Bug: T64685
Change-Id: I24f33474c6f934fb8d94bb054dc23093abfebd5e

Details

Provenance

Parent5446	Authored on
csteipp	Committed on Mar 30 2015, 8:33 PM

Parents

rMW2759460fcedd: SECURITY: Fix animate blacklist

Branches

Unknown

Tags

Unknown

ChangeId

I24f33474c6f934fb8d94bb054dc23093abfebd5e

Event Timeline

csteipp committed rMW2c0c29224bb1: SECURITY: Set maximal password length for DoS (authored by Parent5446).Mar 30 2015, 8:33 PM

Changes (6)

Path

Size

includes/

DefaultSettings.php

User.php

specials/

SpecialUserlogin.php

languages/

i18n/

en.json

qqq.json

tests/

phpunit/

includes/

UserTest.php

rMW2c0c29224bb1

View Options

includes/DefaultSettings.php

View Options

includes/User.php

View Options

includes/specials/SpecialUserlogin.php

View Options

languages/i18n/en.json

View Options

languages/i18n/qqq.json

View Options

tests/phpunit/includes/UserTest.php

SECURITY: Set maximal password length for DoS2c0c29224bb1Actions

Description

Details

Event Timeline

Changes (6)

rMW2c0c29224bb1

includes/DefaultSettings.php

includes/User.php

includes/specials/SpecialUserlogin.php

languages/i18n/en.json

languages/i18n/qqq.json

tests/phpunit/includes/UserTest.php

SECURITY: Set maximal password length for DoS
2c0c29224bb1
Actions