Author Topic: CoolKey not watching for password field length limitations  (Read 7709 times)

1001101

  • Guest
CoolKey not watching for password field length limitations
« on: January 19, 2009, 02:34:18 AM »
Hi! When trying to use PasswordMaker for the first time, I tried it on the on-mirrors-edge.com forums.
The password field there has a limited length (16), but I had my default password length in PasswordMaker set to 20. When I tried to log in for the first time, I was unable to due to a wrong password. It took a while but finally I was able to find the problem. Whenever I used the CoolKey button, PasswordMaker somehow managed to squeeze the whole 20 characters password into the password field. I later found out that all is okay when I'm using the clipboard to paste the password.
What's even weirder is that when I tried to set a new password on the forums and used CoolKey for populating the fields, the password was stored as a 20 characters password! I was also able to log in using CoolKey! There was no way to log in by using the browser. Although it's basically the site's fault, I thought it's worth mentioning as someone else might run into the problem. It would also be safer to fix this in the following version (using 1.7.2) before somebody runs into trouble.

Nice app, by the way! Especially the online version was a great idea and will probably be the reason I'll start using the password generator! :) Keep up the good work!

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: CoolKey not watching for password field length limitations
« Reply #1 on: January 19, 2009, 11:15:48 AM »
This sounds like a bug in that forums form...

I have had similar situations, and the password was simply chopped off - ie, only the first x characters were used, the rest were ignored.

1001101

  • Guest
Re: CoolKey not watching for password field length limitations
« Reply #2 on: January 19, 2009, 02:52:28 PM »
Yes, it is. The site evidently doesn't check for the password length when receiving the data from the user, relying only on the maxlength attribute of the input field. However, my point is that on normal use (web browser only) the problem does not occur. I think that CoolKey would be better off checking for the maxlength attribute and truncating the password accordingly. It would just eliminate the problem for these problematic sites.

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: CoolKey not watching for password field length limitations
« Reply #3 on: January 19, 2009, 08:31:26 PM »
Ahh... right... well, thats one for Eric... ;)

Offline Miquel 'Fire' Burns

  • Administrator
  • *****
  • Posts: 1157
  • Programmer
Re: CoolKey not watching for password field length limitations
« Reply #4 on: January 19, 2009, 09:42:41 PM »
I'm going to guess this is a JavaScript issue with forms in that they can ignore the maxlength. Servers shouldn't rely on the client for anything being valid in the first place anyway.
"I'm not drunk, just sleep deprived."

1001101

  • Guest
Re: CoolKey not watching for password field length limitations
« Reply #5 on: January 22, 2009, 08:40:11 PM »
I'm going to guess this is a JavaScript issue with forms in that they can ignore the maxlength. Servers shouldn't rely on the client for anything being valid in the first place anyway.

Yup, agreed. Just wanted to point that out. Especially when I noticed the 'CoolKey password incorrect' issues on the forum (I could imagine that it's sometimes pretty difficult to find the cause and thought that some of them may have been caused by this).

Offline rdebay

  • Jr. Member
  • **
  • Posts: 19
Re: CoolKey not watching for password field length limitations
« Reply #6 on: May 15, 2009, 03:26:46 PM »
The password field there has a limited length (16), but I had my default password length in PasswordMaker set to 20. When I tried to log in for the first time, I was unable to due to a wrong password. It took a while but finally I was able to find the problem. Whenever I used the CoolKey button, PasswordMaker somehow managed to squeeze the whole 20 characters password into the password field.

Currently the password field is set to 18 characters using the 'size' attribute.  All this does is set the size of the input field on the screen.  If the site wants to place a limit on the password length, they need to set the 'maxlength' attribute.  If it is not set it defaults to infinite.

PasswordMaker Forums

Re: CoolKey not watching for password field length limitations
« Reply #6 on: May 15, 2009, 03:26:46 PM »