forum.coppermine-gallery.net

Dev Board => cpg1.4 Testing/Bugs => cpg1.4 Testing/Bugs: FIXED/CLOSED => Topic started by: adipisicing on December 28, 2007, 10:23:49 pm

Title: Minor Bug: Characters allowed in admin password
Post by: adipisicing on December 28, 2007, 10:23:49 pm

Summary:
The instructions and behavior install.php for what characters are allowed in the administration account's password do not match the documentation.

Details:
The instructions on the install page for creating an admin account say "Use only alphanumeric characters." Indeed, if nonalphanumeric characters are entered for the password, it is considered an error, and the user is told "Admin username and password must only contain alphanumeric characters."

However, in the section "2.1.2 The install screen" of the documentation, it says

Quote

This will be your admin password to your coppermine install.... Use a combination of letters, numbers and special characters in your password. like " j3e4n5n6y* "

It also ocurrs to me that if the intended behavior is indeed to only accept alphanumeric characters, the install page should probably say "Use only alphanumeric characters in the username and password.", because that section also includes a field for the admin email address.

Version: 1.4.14

Miscellany:
Sorry if this is a duplicate or is already fixed in SVN, I couldn't find this in the bugs forum.
Let me know if I can be of additional help.

Also, thanks for CPG, it's a great piece of software!

Title: Re: Minor Bug: Characters allowed in admin password
Post by: Joachim Müller on December 29, 2007, 10:33:37 am

Thanks for spotting. I changed the docs both of cpg1.4.x as well as cpg1.5.x in the SVN repository, so the changes will make it into the next releases. The wording is now

Quote

This will be your admin password to your coppermine install. Don't use trivial, overly abused passwords - if an attacker figures out your password, s/he will be able to hack your entire site! Use a combination of upper and lower case letters and numbers like "j3e4N5n6yG". Remember, passwords like your admin username are case sensitive. Be careful when creating your password. Write it down and keep it safe, preferably somewhere away from your computer.

Marking this thread as "fixed". Thanks again for your report.