Hello,
I just found out that Stardog has a 20 char. max password limit. Not only is it the default max value, but it is also impossible to set a higher max length.
june 23, 2014 5:13:16 PM com.complexible.stardog.security.impl.DefaultPasswordPolicyEnforcer$1 validate
SEVERE: Configuration for Max password length is not valid, it must be between 1 and 20, [Max=512], using default.
Why would you want that? I understand that there would be a limit (say, 256 or 512) in order to avoid DoS attacks, but still, TWENTY CHARS?
That doesn't make sense to me. If you REALLY can't afford to have passwords longer than 20 characters, then at least could you explain to me why you made this choice?
See also:
http://stackoverflow.com/questions/98768/should-i-impose-a-maximum-length-on-passwords