Rank: Member
Joined: 12/19/2006(UTC)
Posts: 153
|
In the administrator setting we are given the option for minimum password legnth; I have mine set to 5.
The NewUserControl.ascx uses this "5" figure minimum to validate the password is long enough. -no problem here.
In /MyAccount_ChangeEmail.aspx the built in required field validator requires 6-20 charachters for the "old" password verification. If a user goes in to change their email and has a 5 charcter password, the /MyAccount_ChangeEmail.aspx fails to work because the password is not long enough. A quick solution is to remove the password validation from the /MyAccount_ChangeEmail.aspx page, because after all, the password is already in the DB so what is there to validate other than the password being correct?
The same holds true for the /MyAccount_ChangePassword.aspx page. The "old" password needs the validation removed. The "new" password requires 6 caracters too, but that does not cause a failure.
|
|
|
|
|
|
Rank: Member
Joined: 11/5/2003(UTC)
Posts: 1,786
|
Mark,
Thanks for reporting the issue. We generally recommend a minimum password length of 8 or more for better security. I'll log a bug about the mismatch of validators.
|
|
|
|
|
|
Rank: Member
Joined: 11/5/2003(UTC)
Posts: 1,786
|
Hot fix E for 5.4 resolves this issue
|
|
|
|
|
|
Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.