password validation needs to be implemented #416
Comments
The auth server doesn't have direct access to the length of your password, so this restriction cannot be enforced in the API. It can be enforced on our clients. Here is a tracking issue for FxA on the Web: mozilla/fxa-content-server#110. I'm not sure if we have corresponding issues for Android and FxOS.
I don't see anything for Android: https://bugzilla.mozilla.org/showdependencytree.cgi?id=799726&hide_resolved=0 I don't see anything for FxOS: https://bugzilla.mozilla.org/showdependencytree.cgi?id=920135&maxdepth=4&hide_resolved=0
If @edmoz does not get to it soon, I will open a couple of tickets from the above trees...
@jbonacci I'm thinking we should test this in elm builds now, then log bugs as appropriate. I'm wondering if the server can get buffer overflow'd with really large pw strings -- I'll try it.
@edmoz are you talking here? or is it here but not supported on desktop/android?
@edmoz the server should reject any POST over 1MB
OK, so that is something we can check against the Dev auth server since that is where the ELM builds are pointing.
I've been logging in 100s of times with 64k pw and I'm seeing this mem growth. Not sure at what point GC will kick in
Which env is this against?
I'm running master, locally on Mac 10.9. Prob should try against an AWS as Linux handles open files better
change the password string to empty, int, or really long string
node client/example.js
actual: it works
expected: should get an error that password must be between ~8-32 characters?