
Author Topic: Minor Bug: Characters allowed in admin password  (Read 11011 times)


adipisicing

Minor Bug: Characters allowed in admin password
« on: December 28, 2007, 10:23:49 pm »

Summary:
The instructions and behavior of install.php for what characters are allowed in the administration account's password do not match the documentation.

Details:
The instructions on the install page for creating an admin account say "Use only alphanumeric characters." Indeed, if nonalphanumeric characters are entered for the password, it is considered an error, and the user is told "Admin username and password must only contain alphanumeric characters."

However, in the section "2.1.2 The install screen" of the documentation, it says
Quote
This will be your admin password to your coppermine install.... Use a combination of letters, numbers and special characters in your password. like " j3e4n5n6y* "

It also occurs to me that if the intended behavior is indeed to only accept alphanumeric characters, the install page should probably say "Use only alphanumeric characters in the username and password.", because that section also includes a field for the admin email address.

Version: 1.4.14

Miscellany:
Sorry if this is a duplicate or is already fixed in SVN; I couldn't find this in the bugs forum.
Let me know if I can be of additional help.

Also, thanks for CPG, it's a great piece of software!
« Last Edit: December 29, 2007, 10:34:06 am by Joachim Müller »
Unless otherwise noted, all code that I post on these forums to which I hold the copyright is released under the GPLv2.

Joachim Müller

Re: Minor Bug: Characters allowed in admin password
« Reply #1 on: December 29, 2007, 10:33:37 am »

Thanks for spotting. I changed the docs of both cpg1.4.x and cpg1.5.x in the SVN repository, so the changes will make it into the next releases. The wording is now
Quote
This will be your admin password to your coppermine install. Don't use trivial, overly abused passwords - if an attacker figures out your password, s/he will be able to hack your entire site! Use a combination of upper and lower case letters and numbers like "j3e4N5n6yG". Remember, passwords like your admin username are case sensitive. Be careful when creating your password. Write it down and keep it safe, preferably somewhere away from your computer.
Marking this thread as "fixed". Thanks again for your report.