dépôts / lhc / web / wiklou.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b5f491f) | patch
SECURITY: Set maximal password length for DoS
authorTyler Romeo <tylerromeo@gmail.com>
Fri, 26 Dec 2014 16:29:15 +0000 (11:29 -0500)
committercsteipp <csteipp@wikimedia.org>
Wed, 1 Apr 2015 16:55:42 +0000 (09:55 -0700)
commit63cf33d8252edc81888be4dbb9b7542e4b289ca2
tree35ec143f40008cf847522681a08a675bc8f45d0atree | snapshot
parentb5f491fb6d5d2a0d808223c898ba99b98637fa71commit | diff
SECURITY: Set maximal password length for DoS

Prevent DoS attacks caused by the amount of time
it takes to hash long passwords by setting a limit
on password length.

Slightly restructures the behavior of User::checkPasswordValidity
in order to accommodate for the difference between
passwords the user should be able to log in with and
passwords they should not.

Bug: T64685
Change-Id: I24f33474c6f934fb8d94bb054dc23093abfebd5e
includes/DefaultSettings.php diff | blob | history
includes/User.php diff | blob | history
includes/specials/SpecialUserlogin.php diff | blob | history
languages/i18n/en.json diff | blob | history
languages/i18n/qqq.json diff | blob | history
tests/phpunit/includes/UserTest.php diff | blob | history
Wiklou, le Wiki du Wiklou