Password max length: why?

[g.m...@gmail.com]

Hello,

I just found out that Stardog has a 20 char. max password limit. Not only is it the default max value, but it is also impossible to set a higher max length.

june 23, 2014 5:13:16 PM com.complexible.stardog.security.impl.DefaultPasswordPolicyEnforcer$1 validate
SEVERE: Configuration for Max password length is not valid, it must be between 1 and 20, [Max=512], using default.

Why would you want that? I understand that there would be a limit (say, 256 or 512) in order to avoid DoS attacks, but still, TWENTY CHARS?

That doesn't make sense to me. If you REALLY can't afford to have passwords longer than 20 characters, then at least could you explain to me why you made this choice?

See also: http://stackoverflow.com/questions/98768/should-i-impose-a-maximum-length-on-passwords

[Kendall Clark]

Thanks for pointing this out. We'll fix it for the next release by raising the limit to 1024.

Cheers,

Kendall

--
-- --
You received this message because you are subscribed to the C&P "Stardog" group.
To post to this group, send email to sta...@clarkparsia.com
To unsubscribe from this group, send email to
stardog+u...@clarkparsia.com
For more options, visit this group at
http://groups.google.com/a/clarkparsia.com/group/stardog?hl=en

[Gustave Monod]

Thanks!