Comments (11)
Right – I reported this issue too a few days ago via Facebook to the lepton2 team. They said the problem is known and will be fixed; thanks for filing this issue here on GitHub (I forgot that recently)!
from blackcatcms.
you're welcome :)
from blackcatcms.
I've assigned this problem to webbird. I can't remember about this problem, but I know the discussion about the password length. Maybe we should change the checkbox from "Empty password" to "shorter than 4 chars" or something like that...
from blackcatcms.
We've decided to not allow passwords < 6 chars length some time ago for improved security. Though I respect your decision to have a shorter one for your DB, our goal is to protect those who use shorter ones just for laziness, not knowing (or thinking) about the security leak they open by this.
If you wish to allow shorter passwords, you can tweak this in ./framework/sys.constants.php:
define('AUTH_MIN_PASS_LENGTH', 6); // minimum length a new password must have
define('AUTH_MAX_PASS_LENGTH', 128); // maximum length of a password.
from blackcatcms.
Hello webbird, thanks for the hint! But I think tweaking files is not the best solution. I assume that many websites are developed and tested locally, and there are often short DB passwords set (XAMPP, MAMP etc.). No one wants to edit the sys.constants.php again and again for every project. Probably creativecat's suggestion would be a nice solution: a checkbox for "allow empty and short passwords" instead of the "empty password" checkbox.
I love your work, keep on! :-)
from blackcatcms.
"allow empty and short passwords"
Okay, accepted. :)
from blackcatcms.
BTW, I am working on the installer at the moment, what do you think?
http://lepton2.webbird.de/media/2012-12-18_140638.jpg
from blackcatcms.
New short text for checkbox: Don't check database password
New long description text: If you don't have a database password, or a password that doesn't meet common security constraints, please check this checkbox. Please note that this is a security risk in public environments! Use empty and/or short passwords in (local) testing environments only.
from blackcatcms.
Great solution, thanks a lot!
Installer:
I personally don't like the font and the font-styling of "Lepton v.2.0 Blackcat Edition" in the header. Too much italic, too much glow. Just my two cents ;-)
from blackcatcms.
Introduced same option for admin pw. Hopefully this will be used for testing environments only.
from blackcatcms.
Please check latest commit.
e3a4cad
from blackcatcms.