[BlueOnyx:24047] 5210R: GUI password check has been relaxed

[Michael Stauber]

Hi all,

I just published YUM updates for 5210R which relax the checks for input
of type "password". Passwords for Users and the servers MySQL password
may now contain:

Any alphanumeric character plus everything but " (double quotation marks).

The passwords for Vsite MySQL databases *still* require passwords of
type "alphanum_plus", which means letters, numbers plus a small subset
of special characters. This has been retained to minimize your support
overhead. Because eventually someone would put a $, " or @ into his
MySQL password and then his web application fails, because several of
the many popular webapps don't properly escape the MySQL password in
their config file(s).

The removal of the strict password checks in 5210R was possible, because
we no longer use the PHP Zend module cce.so to allow AdmServ's PHP to
communicate with CCEd. Instead a native PHP Class is used to provide
that functionality. The old cce.so had issues with several special
characters such as [, ], $, ", & and spaces in passwords. The PHP Class
that replaces cce.so doesn't have these limitations.

5209R and older still use cce.so, so this feature will not be backported.

-- 
With best regards

Michael Stauber