[wp-trac] [WordPress Trac] #42766: Issue in update password From admin side and login ith same password
WordPress Trac
noreply at wordpress.org
Fri Aug 28 13:14:48 UTC 2020
#42766: Issue in update password From admin side and login ith same password
-------------------------------------+-------------------------------------
Reporter: ronakganatra | Owner: adamsilverstein
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 5.6
Component: Users | Version:
Severity: normal | Resolution:
Keywords: good-first-bug has- | Focuses: ui, javascript,
patch has-unit-tests needs- | administration, performance
testing needs-design |
-------------------------------------+-------------------------------------
Comment (by aristath):
@noudwordpress, @hansjovisyoast and myself tried tackling this one today.
After reading the comments above, we started wondering if the problem is
the fact that the user can set a whilespace-only (spaces, tabs etc)
password, or the fact that after setting it they can't login with it.
After a lot of backtracing and debugging we came to the conclusion that
allowing whitespace-only characters as a password would introduce a lot
more issues than it would solve. It ''is'' possible to allow them, but not
without weakening security or implementing "hacky" solutions.
> Do we want a password of only spaces/space-like characters (e.g. tabs
maybe if pasted in) to be allowed?
According to our findings, though technically possible, it would be
inadvisable to allow whitespaces-only passwords.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42766#comment:26>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list