sentora / sentora-core

Sentora is a web hosting control panel written in PHP for *NIX
GNU General Public License v3.0

FTP Usernames (and Passwords) unexpectedly and silently truncated #92

Closed trs998 closed 9 years ago

trs998 commented 9 years ago

When an FTP username is entered, the entry is accepted, but when it is inserted into the database, the database has a varchar(20) field for both username and password(!) - so it truncates the entry. This is quite short, particularly if, for example, the domain name is used.

Simply changing the FTP username and password fields in the database to varchar(100) would sort this out, and for bonus points restrict the entry on the PHP side using a maxlength="100" attribute on the fields (and PHP verification so the user knows if for some reason they or their browser ignores that).

MBlagui commented 9 years ago

varchar(100) for a user name is too long... we should synchronize the form with the DB allowed length here

allebb commented 9 years ago

Personally I think that 20 characters for FTP username is fine - Anyone want to make suggestion as to how long you would like us to increase this by? - Personally I think I'd have reservations if we increased to over 35 characters... Any feedback/suggestions?

trs998 commented 9 years ago

I think 20 characters is too short, and 100 possibly acceptable. It's common to use a domain name as an FTP username for a customer. Four places to sync the length:

1) maxlength in form field
2) form validation on submit
3) accounts table in DB
4) live accounts table (currently disagrees with length in 3 and silently truncates)

As far as I see there is no downside, so long as the final FTP software supports it, of setting all four values to 250. Does proftpd cap length of username or password, and what to?

allebb commented 9 years ago

@trs998 seriously 250?? lol

I personally think that the display of usernames that are >= 100 characters would be bad enough (wrapping around and looking stupid in the panel etc).

I would like to propose that we set the limit to 50 (to take into account domain names being used for FTP accounts) - I may have to throw my toys out of the pram if we go for a username of greater than 100 characters as that is just ridiculous!

trs998 commented 9 years ago

You have a point in terms of UI display - I was thinking in terms of flexibility - why cap it when nothing needs that cap? However, wrapping a username or password is visually confusing so ideally avoided.

Changing UI and DB limits to 50 sounds like a reasonable compromise. Need to edit form validation to block usernames and passwords longer than can be stored in the DB - otherwise the user never knows their username or password has been stored incorrectly so it just mysteriously doesn't work.

allebb commented 9 years ago

Limit has now been increased to 50 characters in both the HTML input boxes and database columns. I've made the required DB schema changes in both the installer and upgrade SQL scripts that sit in our sentora-installers repo.
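
The length sync discussed in this thread, sketched in PHP as an added example (not part of the issue and not Sentora's code): one hypothetical constant, `FTP_FIELD_MAX`, feeds both the form `maxlength` and a server-side check that rejects over-length input instead of letting the database cut it. The helper `stored_as()` simulates the old 20-character truncation on two constructed usernames to show that distinct names can end up stored as the same value.

```php
<?php
// Added example; every name below is hypothetical, not taken from Sentora.
// One constant drives the form attribute and the server-side check, and is
// assumed to match the VARCHAR width of both account tables.
const FTP_FIELD_MAX = 50; // limit agreed in this thread

/** Render an input whose maxlength cannot drift from the server-side limit. */
function ftp_input(string $name, string $type = 'text'): string
{
    return sprintf('<input type="%s" name="%s" maxlength="%d">',
        $type, htmlspecialchars($name, ENT_QUOTES), FTP_FIELD_MAX);
}

/** Return error messages; an empty array means both values fit the columns. */
function validate_ftp_credentials(string $username, string $password): array
{
    $errors = [];
    foreach (['username' => $username, 'password' => $password] as $field => $value) {
        // strlen() counts bytes, so this is never looser than a VARCHAR
        // width counted in characters.
        if ($value === '') {
            $errors[] = "FTP $field must not be empty.";
        } elseif (strlen($value) > FTP_FIELD_MAX) {
            $errors[] = "FTP $field is longer than " . FTP_FIELD_MAX
                      . " characters and would not be stored intact.";
        }
    }
    return $errors;
}

/** What a column of the given width keeps when MySQL is not in strict mode. */
function stored_as(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// Constructed sample input: two different customers, same first 20 characters.
$a = 'customer-one.example.com';
$b = 'customer-one.example.org';
var_dump(stored_as($a, 20) === stored_as($b, 20)); // compare the stored values

echo ftp_input('ftp_username'), "\n";
print_r(validate_ftp_credentials($a, 'a-long-constructed-passphrase'));
print_r(validate_ftp_credentials(str_repeat('x', FTP_FIELD_MAX + 1), 'pw'));
```

With MySQL in strict SQL mode an over-length insert fails with an error instead of being truncated, which gives a second line of defence if the application check is ever bypassed.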