opendev/gerrit
Code Issues Proposed changes

Increase the size of HTTP passwords

Browse Source 
These passwords are generated on the server side, and a regular user
has no way of increasing their length unless they ask an admin which
is actually capable of setting them as an arbitrary string. The
default length of just 12 characters might not be that much by today's
standards. Password storage is cheap, and 31 random bytes mean 42
characters as a result, which is of course THE number to use.

Change-Id: If70bf233aeb34bce46aa5a7d56f3bd64e0d108f3
This commit is contained in:
Jan Kundrát
2014-10-03 21:58:19 +02:00
committed by David Pursehouse
parent 9f8a45f4cb
commit d1732a11bf
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Documentation/rest-api-accounts.txt
View File

@@ -269,7 +269,7 @@ Retrieves the HTTP password of an account.
Content-Type: application/json;charset=UTF-8
)]}'
"ETxgpih8xrNs"
"Qmxlc21ydCB1YmVyIGFsbGVzIGluIGRlciBXZWx0IQ"
----
If the account does not have an HTTP password the response is `404 Not Found`.

2
gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java
View File

@@ -43,7 +43,7 @@ public class PutHttpPassword implements RestModifyView<AccountResource, Input> {
public boolean generate;
}
private static final int LEN = 12;
private static final int LEN = 31;
private static final SecureRandom rng;
static {