Author Topic: CoolKey not watching for password field length limitations  (Read 8014 times)

1001101

  • Guest
CoolKey not watching for password field length limitations
« on: January 19, 2009, 02:34:18 AM »
Hi! When trying to use PasswordMaker for the first time, I tried it on the on-mirrors-edge.com forums.
The password field there has a limited length (16), but I had my default password length in PasswordMaker set to 20. When I tried to log in for the first time, I was unable to due to a wrong password. It took a while but finally I was able to find the problem. Whenever I used the CoolKey button, PasswordMaker somehow managed to squeeze the whole 20-character password into the password field. I later found out that all is okay when I'm using the clipboard to paste the password.
What's even weirder is that when I tried to set a new password on the forums and used CoolKey for populating the fields, the password was stored as a 20-character password! I was also able to log in using CoolKey! There was no way to log in by using the browser. Although it's basically the site's fault, I thought it's worth mentioning as someone else might run into the problem. It would also be safer to fix this in the following version (using 1.7.2) before somebody runs into trouble.

Nice app, by the way! Especially the online version was a great idea and will probably be the reason I'll start using the password generator! :) Keep up the good work!

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: CoolKey not watching for password field length limitations
« Reply #1 on: January 19, 2009, 11:15:48 AM »
This sounds like a bug in that forum's form...

I have had similar situations, and the password was simply chopped off - i.e., only the first x characters were used, the rest were ignored.

1001101

  • Guest
Re: CoolKey not watching for password field length limitations
« Reply #2 on: January 19, 2009, 02:52:28 PM »
Yes, it is. The site evidently doesn't check for the password length when receiving the data from the user, relying only on the maxlength attribute of the input field. However, my point is that in normal use (web browser only) the problem does not occur. I think that CoolKey would be better off checking for the maxlength attribute and truncating the password accordingly. It would just eliminate the problem for these problematic sites.

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: CoolKey not watching for password field length limitations
« Reply #3 on: January 19, 2009, 08:31:26 PM »
Ahh... right... well, that's one for Eric... ;)

Offline Miquel 'Fire' Burns

  • Administrator
  • *****
  • Posts: 1157
  • Programmer
Re: CoolKey not watching for password field length limitations
« Reply #4 on: January 19, 2009, 09:42:41 PM »
I'm going to guess this is a JavaScript issue with forms in that they can ignore the maxlength. Servers shouldn't rely on the client for anything being valid in the first place anyway.
"I'm not drunk, just sleep deprived."

1001101

  • Guest
Re: CoolKey not watching for password field length limitations
« Reply #5 on: January 22, 2009, 08:40:11 PM »
> I'm going to guess this is a JavaScript issue with forms in that they can ignore the maxlength. Servers shouldn't rely on the client for anything being valid in the first place anyway.

Yup, agreed. Just wanted to point that out. Especially when I noticed the 'CoolKey password incorrect' issues on the forum (I could imagine that it's sometimes pretty difficult to find the cause and thought that some of them may have been caused by this).

Offline rdebay

  • Jr. Member
  • **
  • Posts: 19
Re: CoolKey not watching for password field length limitations
« Reply #6 on: May 15, 2009, 03:26:46 PM »
> The password field there has a limited length (16), but I had my default password length in PasswordMaker set to 20. When I tried to log in for the first time, I was unable to due to a wrong password. It took a while but finally I was able to find the problem. Whenever I used the CoolKey button, PasswordMaker somehow managed to squeeze the whole 20-character password into the password field.

Currently the password field is set to 18 characters using the 'size' attribute.  All this does is set the size of the input field on the screen.  If the site wants to place a limit on the password length, they need to set the 'maxlength' attribute.  If it is not set it defaults to infinite.
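
The failure described in this thread, as an added example that is not part of the original posts or of PasswordMaker's code: a site that trusts maxlength stores the 20-character value a script puts into the field, while a browser user can only submit 16 characters. The field objects, the `Site` class and the sample password are constructed for illustration.

```javascript
// Added example; all names and the in-memory account store are hypothetical.
const PASSWORD_MAX = 16; // the forum's maxlength, per the thread

// Script assigning .value directly: the browser does not apply maxlength here.
function fillIgnoringMaxLength(field, text) {
  field.value = text;
  return field.value;
}

// Filler that honours maxlength, as proposed in Reply #2. This is also what a
// user typing or pasting ends up with. The DOM reports maxLength -1 when unset.
function fillRespectingMaxLength(field, text) {
  const limit = field.maxLength >= 0 ? field.maxLength : Infinity;
  field.value = text.slice(0, limit);
  return field.value;
}

class Site {
  constructor(enforceLength) {
    this.enforceLength = enforceLength; // false models the forum in the thread
    this.accounts = new Map();
  }
  valid(pw) {
    if (typeof pw !== "string" || pw.length === 0) return false;
    return !this.enforceLength || pw.length <= PASSWORD_MAX;
  }
  setPassword(user, pw) {
    if (!this.valid(pw)) return false; // server-side check, independent of the form
    this.accounts.set(user, pw); // stand-in for storing a salted, slow hash
    return true;
  }
  login(user, pw) {
    return this.valid(pw) && this.accounts.get(user) === pw;
  }
}

// Set the password with the given filler, then log in the way a browser user can.
function scenario(site, fill) {
  const generated = "Xq7#mPz2LkV9tRw4bNs8"; // constructed 20-character password
  const field = () => ({ maxLength: PASSWORD_MAX, value: "" });
  const registered = site.setPassword("alice", fill(field(), generated));
  const typed = fillRespectingMaxLength(field(), generated);
  return { registered, browserLogin: site.login("alice", typed) };
}
```

With `new Site(false)` and the filler that ignores maxlength, the account is created but the browser login fails, which is the lockout reported in the first post; `new Site(true)` refuses the over-length password when it is set, so the mismatch never gets stored.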

PasswordMaker Forums