apr-dev mailing list archives

From Joe Orton <jor...@redhat.com>
Subject Re: RFC use APR's getpass() instead of native getpass() on HP-UX?
Date Fri, 03 Dec 2004 20:31:56 GMT
On Fri, Dec 03, 2004 at 12:09:23PM -0500, Jeff Trawick wrote:
> On Wed, 1 Dec 2004 19:30:43 +0000, Joe Orton <jorton@redhat.com> wrote:
> > But the trade-off is also against backwards-compatibility of APR, right?
> > Use of long passwords could "break" when upgrading to a new version of
> > APR with this fixed, since they would stop being truncated, although the
> > workaround is obviously simple.
> is this an accurate understanding?
> the migration problem comes with the subversion-type usage scenario;
> user thinks password is 10 characters; actual stored password on
> server (HP-UX) was truncated at 8 characters; user upgrades APR on
> HP-UX client and now the passwords don't match when user continues to
> enter 10 characters; if server wasn't HP-UX or client wasn't HP-UX, it
> never would have worked to begin with; when both are HP-UX, client has
> to now be aware that they only thought their password was 10
> characters, and it was really 8

Yes, exactly.  But I agree with your original sentiment, that fixing the
bug and making the APR behaviour consistent across platforms for both
0.9.x and 1.0.x is worth breaking this rather obscure "compatibility". 
Anyone who relied on passwords being truncated at 8 characters before
can just stop typing after the 8th character, that's simple enough.

The number of people this will burn is probably pretty small.
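
The migration scenario discussed in this thread, as an added example that is not part of the original message and not APR code: a small C model of a password reader that truncates at 8 characters next to one that does not. The function names, the buffer size and the sample password are constructed for illustration, and the stored secret is kept in plain form only to keep the model short.

```c
#include <stdio.h>
#include <string.h>

#define LEGACY_MAX 8   /* truncation length described in the thread */
#define BUFSZ 64       /* illustrative buffer size (assumption) */

/* Old client behaviour (model): only the first 8 typed characters survive. */
static void read_legacy(const char *typed, char out[BUFSZ])
{
    snprintf(out, BUFSZ, "%.*s", LEGACY_MAX, typed);
}

/* Fixed client behaviour (model): the whole input is returned. */
static void read_fixed(const char *typed, char out[BUFSZ])
{
    snprintf(out, BUFSZ, "%s", typed);
}

/* Server side (model): the secret was set through a truncating reader.
 * A real server would store a salted hash, not the secret itself. */
static void enrol_legacy(const char *typed, char stored[BUFSZ])
{
    read_legacy(typed, stored);
}

/* Returns 1 when what the client sends matches the stored secret. */
static int login(const char *stored, const char *typed, int fixed_client)
{
    char sent[BUFSZ];
    if (fixed_client)
        read_fixed(typed, sent);
    else
        read_legacy(typed, sent);
    return strcmp(sent, stored) == 0;
}

int main(void)
{
    char stored[BUFSZ];
    enrol_legacy("tenletters", stored);   /* constructed 10-character password */
    printf("old client, 10 chars:   %d\n", login(stored, "tenletters", 0));
    printf("old client, other tail: %d\n", login(stored, "tenletteXY", 0));
    printf("new client, 10 chars:   %d\n", login(stored, "tenletters", 1));
    printf("new client, first 8:    %d\n", login(stored, "tenlette", 1));
    return 0;
}
```

The second line of output shows why the truncation matters beyond compatibility: with the old reader, any input sharing the first 8 characters is accepted, so the effective password length is 8 regardless of what the user types.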

