Bug #20738 Forge passwords should allow 20 characters, same as mysql.com
Submitted: 27 Jun 2006 21:50 Modified: 28 Jun 2006 6:06
Reporter: Jay Pipes Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Websites: MySQLForge Severity:S3 (Non-critical)
Version: OS:
Assigned to: Jay Pipes CPU Architecture:Any

[27 Jun 2006 21:50] Jay Pipes 
Description:
Reported by MC Brown, that password lengths do not match

How to repeat:
Try entering 17 character password.  Cannot

Suggested fix:
Lengthen field.  Should be just the form field, since the DB field is hashed and is 41 characters long, to the standard 4.1 passhash algo.
[27 Jun 2006 23:02] Jim Winstead 
You're using the PASSWORD() function? Read this bit in the manual:

  Note: The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead. Also see RFC 2195 for more information about handling passwords and authentication securely in your applications.
[27 Jun 2006 23:33] Jay Pipes 
Hmmm, good to know, Jim.  Too bad I missed it; been using it for years, and old habits apparently die hard :(  So, this poses an interesting problem for the already existing Forge accounts...I'll have to think on a fix for this.
[28 Jun 2006 6:06] Jay Pipes 
OK, there is now full single signon with the main mysql.com authentication system (not including the forge wiki, which is a separate task).  No more PASSWORD().