How many characters are allowed in web passwords (Legacy KB ID CNC TS34000 )

Document ID : KB000052005
Last Modified Date : 14/02/2018
Show Technical Document Details
The number of characters for passwords is limited to eight.


The limitation of 8 characters is an Apache limitation with the basic authentication mechanism that eHealth uses.



Related Issues/Questions:
How many characters are allowed in web passwords
Is there a limit to the number of characters used for a password
Cannot successfully login to web after creating new user
Cannot log in to web after upgrading

Problem Environment:

eHealth 6.1.2

Causes of this problem:
The Apache limitation is really for UNIX only. The OneClick UI also imposes this limitation. If you go further 
back in eHealth when user administration was on the web and not in OneClick, the web UI DID have a limitation.


It actually had a  limitation of 9 characters in the web UI, but this was a bug. It really only should have been 8.


When the user administration was moved to OneClick, the UI allowed up to 50 characters. This was a bug.
Anything you type past 8 characters is ignored by Apache (at least on UNIX).


The OneClick UI was fixed to put back the limitation of 8. It was a bug to allow users to put more than 8 characters to begin with. 
On Windows, if one had taken advantage of the UI bug and set the password to more than 8 characters, it did work and will continue to do
so. But now that we have fixed that bug, when an attempt is made to change the password, the UI will only allow up to 8 characters for the new 
password.




(Legacy KB ID CNC TS34000 )