[wp-trac] [WordPress Trac] #31772: Browser unresponsive with long password
WordPress Trac
noreply at wordpress.org
Wed May 6 19:28:33 UTC 2015
#31772: Browser unresponsive with long password
-------------------------------------+-------------------------------------
Reporter: BevanR | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: 3.7
Severity: normal | Resolution:
Keywords: has-patch needs-unit- | Focuses: javascript,
tests | performance
-------------------------------------+-------------------------------------
Comment (by BevanR):
@mattheweppelsheimer; Why and how do you create such long passwords?
I ask because if there are common and good reasons for such long
passwords, that might affect the priority of this issue, and also the
related might-be-bug; that WP fails silently when a new password is
greater than its threshold of about 1 or 2 thousand characters. Note
other systems have lower thresholds; Drupal's is about 500 for example.
So if your password system or process generates passwords longer than a
few hundred characters you are likely to encounter such issues.
FYI, the reason for these thresholds is to prevent DDoS attacks, for which
limitless password-hashing would offer a prime attack vector. The limits
are not the result of any limitation of the database or technology stack.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/31772#comment:22>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list