[RCD] Password charset

Thomas Bruederli roundcube at gmail.com
Tue Feb 23 13:32:44 CET 2010


On Mon, Feb 22, 2010 at 16:04, A.L.E.C <alec at alec.pl> wrote:
> In login process Roundcube converts password input to ISO-8859-1 which
> is wrong because it's not possible to use characters that are not
> convertable to ISO-8859-1, which of course may be confusing for users.
> Also user will be not able to use password set via Roundcube password
> plugin in other client. Another issue would be if someone uses clear
> text passwords in (unicode) database, postgres will not store text
> encoded in non-unicode encoding.

I think it depends on the IMAP backend whether unicode passwords are
accepted. The conversion to ISO-Latin was inserted because of some
backend problems. For best support we maybe need the admin to specify
which backend is used.
>
> My opinion is that in Roundcube login process we should convert password
> to ASCII and in Password plugin we should make sure that user is using
> only printable ASCII characters. What do you think?

This only partially solves the problem. Many users already have a
password to their IMAP account which can contain non-ascii chars.
Therefore it's dangerous just to convert all incoming passwords to
ascii.

~Thomas
_______________________________________________
List info: http://lists.roundcube.net/dev/



More information about the Dev mailing list