Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can log in with blank password #4

Open
icydee opened this issue Jun 26, 2016 · 2 comments
Open

Can log in with blank password #4

icydee opened this issue Jun 26, 2016 · 2 comments
Labels
bug

Comments

@icydee
Copy link
Member

icydee commented Jun 26, 2016

With new accounts it is possible to log in with a blank password.

To reproduce

  1. Register with a new username and email address
  2. Go to login screen, enter username but leave password blank.
  3. Login is successful

This is because when the user account is created it has a blank password.

To fix. Create a random password in the registration process
@icydee icydee added the bug label Jun 26, 2016
@aa153
Copy link

aa153 commented Jul 14, 2016

maybe force new player to create password when he registers?

@dmcbride
Copy link
Member

Creating a random password and emailing it to them is both more secure and ensures that the email address is valid. It's more secure partly because we've already written it down for them - they can change it later, but if they forget, it's in their inbox. And then if they still forget, we definitely can email them a replacement key.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Milestone
No milestone
Development

No branches or pull requests
3 participants
@icydee @dmcbride @aa153