0022841: Don't truncate password when it exceeds db field size

ID	Project	Category	View Status	Date Submitted	Last Update

0022841	mantisbt	authentication	public	2017-05-06 17:50	2021-01-05 18:59

Reporter	dregad	Assigned To	dregad
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	assigned	Resolution	open
Target Version	2.26.0

Summary	0022841: Don't truncate password when it exceeds db field size
Description	Following up on discussion in PR 1048. auth_process_plain_password() silently truncates the processed password to the size of the underlying database field. This can cause problems when the password field's size is increased, as it will cause users to no longer be able to login, forcing them to reset their password.
Tags	No tags attached.

dregad 2017-05-06 18:14 developer ~0056786	PR https://github.com/mantisbt/mantisbt/pull/1048

thE_iNviNciblE 2019-04-28 09:22 reporter ~0062010	FYI: "New lengths vary depending on the database management system: MariaDB version 10.0 and higher - 80 characters PostgreSQL version 7.3 and higher - 61 characters PostgreSQL versions lower than 7.3 - 31 characters Microsoft SQL (all versions) - 128 characters MySQL version 5.7.8 and higher - 32 characters Percona version 5.7 and higher - 32 characters Other database management systems - 16 characters"

dregad 2019-04-28 11:27 developer ~0062011	@thE_iNviNciblE Your post is confusing. Where do you get this information from ? The size of password field is set to 64 chars by MantisBT at installation time, and that does not depend on RDBMS. Or maybe you meant something else, in that case please clarify...

thE_iNviNciblE 2019-06-14 02:44 reporter ~0062254	@dregad: i've seen information here: https://docs.plesk.com/release-notes/onyx/change-log/#179-preview13

dregad 2019-06-14 03:44 developer ~0062257	That's the changelog for Plesk, I don't see how it is related to MantisBT.