10 Apr
2015
10 Apr
'15
10:09 p.m.
On Apr 10, 2015, at 12:14 AM, Steffen Kaiser skdovecot@smail.inf.fh-brs.de wrote:
pass"word
is no atom and Dovecot should reject it.
No, not passwords should be rejected.
Maybe the former version did not checked the atoms 100% RFC conform.
Where is the definition that passwords have to be atomic? And if it is there, it should be changed.
Nothing anywhere at anytime should care about the contents of a password once it passes basic “not password of monkey” complexity checks.
-- "You see, in this world there's two kinds of people, my friend: Those with loaded guns and those who dig. You dig."