[RCD] Password charset

A.L.E.C alec at alec.pl
Tue Feb 23 13:41:21 CET 2010


Thomas Bruederli wrote:

> I think it depends on the IMAP backend whether unicode passwords are
> accepted. The conversion to ISO-Latin was inserted because of some
> backend problems. For best support we maybe need the admin to specify
> which backend is used.
>> My opinion is that in Roundcube login process we should convert password
>> to ASCII and in Password plugin we should make sure that user is using
>> only printable ASCII characters. What do you think?
> 
> This only partially solves the problem. Many users already have a
> password to their IMAP account which can contain non-ascii chars.
> Therefore it's dangerous just to convert all incoming passwords to
> ascii.

Yes, that's right, but we need a consistent behavior in password plugin 
and Roundcube. Imagine a password "żyła" (Polish), it will be converted 
to "zyla" in latin1. So, currently if I set this password in Roundcube, 
I will be not able to log in. If I modify password plugin to convert 
password to latin1 as Roundcube does, I'll able to log in in Roundcube, 
but probably not in other client until I know what conversion is used. I 
know, but my users doesn't.

Maybe we should use password "as is" in UTF-8. If someone needs a 
conversion would use 'authenticate' hook or we'd provide config option 
'password_charset'. This would be a regression but we need to do something.

-- 
Aleksander 'A.L.E.C' Machniak http://alec.pl gg:2275252
LAN Management System Developer http://lms.org.pl
Roundcube Webmail Developer http://roundcube.net
_______________________________________________
List info: http://lists.roundcube.net/dev/


More information about the Dev mailing list