[jitsi-dev] Bugs when creating account


#1

I'm reporting two potential bugs.

1. It looks like the captcha field on www.jit.si is currently
unfunctional and prevents the creation of new accounts. I can recreate
the issue on several OS's and in several browsers.

2. When trying to create an account directly from Jitsi I receive this
message.
“Unknown XMPP error (No response from server.). Verify that the server
name is correct.”
The server name is jit.si and again I have observed this on several
platforms.

The latter issue seems to be related to the password. I tried
initially with a "63 random printable ASCII characters" from
grc.com/passwords and could never create the account. When finally
trying with a short password with no special characters the account
was created.

I hope this information is useful, and that you can find the time to
look into it. I will gladly assist with further troubleshooting if needed.

--
Kind regards
Anders


#2

Perhaps I should share this on the users mailing list as well. Would
be interesting if someone else can recreate the issues.

-------- Original Message --------

···

Subject: [jitsi-dev] Bugs when creating account
Date: Fri, 02 May 2014 20:03:15 +0200
From: PrivacyDefence <webmaster@privacydefence.org>
Reply-To: Jitsi Developers <dev@jitsi.org>
To: dev@jitsi.org



#3

Hi,

On Fri, May 2, 2014 at 9:03 PM, PrivacyDefence <webmaster@privacydefence.org> wrote:

> I'm reporting two potential bugs.
>
> 1. It looks like the captcha field on www.jit.si is currently
> unfunctional and prevents the creation of new accounts. I can recreate
> the issue on several OS's and in several browsers.

Cannot reproduce this. It is currently working without a problem.

> 2. When trying to create an account directly from Jitsi I receive this
> message.
> “Unknown XMPP error (No response from server.). Verify that the server
> name is correct.”
> The server name is jit.si and again I have observed this on several
> platforms.

Same here, the account was created successfully, maybe a temporary or
local issue with DNS records.

> The latter issue seems to be related to the password. I tried
> initially with a "63 random printable ASCII characters" from
> grc.com/passwords and could never create the account. When finally
> trying with a short password with no special characters the account
> was created.

This is a known issue with the Openfire we are currently using. Too
long passwords are trimmed without any error or notification for that.

Regards
damencho

> I hope this information is useful, and that you can find the time to
> look into it. I will gladly assist with further troubleshooting if needed.
>
> --
> Kind regards
> Anders


_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#4

Thanks for responding damencho, and for attempting to recreate the issues.

Regarding the captcha I can still reproduce it at will. In fact, in my
testing it has failed every single time. I just tried again with the
same result. Quite strange. When I get the chance I will try from yet
another computer on a different physical location in order to completely
rule out a local network issue.

Quote: “This is a known issue with the Openfire we are currently using.
Too long passwords are trimmed without any error or notification for that.”

I don't mind so much that a 63 character password is not allowed. What I
suggest is that Jitsi tells the user about it (if at all possible?).

What causes frustration and wasted time, and may get some users to
forget about Jitsi, is that you don't know what went wrong. Was the
password too long? If so, how many characters are allowed? Is the
limitation caused by the typical reason of saving the password on the
server in clear text with an input field of some limited length (so bad
security practice)? Or was the password length okay, but the password
containing some special character that is not allowed? And if so, which
characters are and are not allowed?

Most other sites and applications inform the user of such limitations to
the passwords that can be used. And most have no problems with the
mentioned 63 character passwords from grc.com/passwords. I think we can
make Jitsi more user friendly by doing the same.

So if the user tries to create an account with an “illegal” password,
how about bringing up a message box stating the limitations to the
allowed passwords?
If that is technically possible at all, I would suggest putting it on a
list of improvements for a future version of Jitsi.

Once again, thanks for the response and the work you do with Jitsi. I
hope you find my suggestion worth considering.

Also, can you let me know about the exact password requirements? Jitsi
is recommended on our website and we would like to inform our users.

···

On 07-05-2014 09:15, Damian Minkov wrote:



#5

Hi,

On Wed, May 7, 2014 at 11:32 AM, PrivacyDefence <webmaster@privacydefence.org> wrote:

> Thanks for responding damencho, and for attempting to recreate the issues.
>
> Regarding the captcha I can still reproduce it at will. In fact, in my
> testing it has failed every single time. I just tried again with the
> same result. Quite strange. When I get the chance I will try from yet
> another computer on a different physical location in order to completely
> rule out a local network issue.
>
> Quote: “This is a known issue with the Openfire we are currently using.
> Too long passwords are trimmed without any error or notification for that.”
>
> I don't mind so much that a 63 character password is not allowed. What I
> suggest is that Jitsi tells the user about it (if at all possible?).

Ok, I agree. Will check the supported length and will add this to the
http://jit.si site.

> What causes frustration and wasted time, and may get some users to
> forget about Jitsi, is that you don't know what went wrong. Was the
> password too long? If so, how many characters are allowed? Is the
> limitation caused by the typical reason of saving the password on the
> server in clear text with an input field of some limited length (so bad
> security practice)? Or was the password length okay, but the password
> containing some special character that is not allowed? And if so, which
> characters are and are not allowed?
>
> Most other sites and applications inform the user of such limitations to
> the passwords that can be used. And most have no problems with the
> mentioned 63 character passwords from grc.com/passwords. I think we can
> make Jitsi more user friendly by doing the same.
>
> So if the user tries to create an account with an “illegal” password,
> how about bringing up a message box stating the limitations to the
> allowed passwords?
> If that is technically possible at all, I would suggest putting it on a
> list of improvements for a future version of Jitsi.

Well this cannot be done in Jitsi, cause the server is not responding
in any way to this, no error or something. And there is no standard
way to understand what is going on. If we put a limitation in the
client, we will limit users that are using different servers which
handle long passwords.
Best thing to do is report this to the openfire community so they can fix this.

Regards
damencho

> Once again, thanks for the response and the work you do with Jitsi. I
> hope you find my suggestion worth considering.
>
> Also, can you let me know about the exact password requirements? Jitsi
> is recommended on our website and we would like to inform our users.
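
Added example, not part of the original thread and not Openfire or Jitsi code: a small Python model of the silent password trimming discussed above, with a post-registration check that tells an intact password from a trimmed one and from an explicit rejection. `ToyServer`, its 32-character limit and the 63-character sample are constructed assumptions; the thread does not state the real limit or whether login trims as well, so both cases are modelled.

```python
import hashlib
import hmac
import os


class ToyServer:
    """Constructed in-memory account store; not Openfire or Jitsi code."""

    def __init__(self, max_len, trim_on_login=False, reject_long=False):
        self.max_len = max_len              # hypothetical limit, not from the thread
        self.trim_on_login = trim_on_login
        self.reject_long = reject_long
        self.users = {}

    def _hash(self, salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

    def register(self, user, password):
        if len(password) > self.max_len:
            if self.reject_long:            # the behaviour the reporter asks for
                raise ValueError(f"password longer than {self.max_len} characters")
            password = password[:self.max_len]   # silent trim, no error returned
        salt = os.urandom(16)
        self.users[user] = (salt, self._hash(salt, password))

    def login(self, user, password):
        if self.trim_on_login:
            password = password[:self.max_len]
        salt, digest = self.users[user]
        return hmac.compare_digest(digest, self._hash(salt, password))


def check_registration(server, user, password):
    """Register, then report how the server treated the password."""
    try:
        server.register(user, password)
    except ValueError as exc:
        return f"rejected: {exc}"
    # Try every prefix of our own password against our own new account.
    accepted = [n for n in range(1, len(password) + 1)
                if server.login(user, password[:n])]
    if accepted == [len(password)]:
        return "stored intact"
    if len(password) in accepted:
        return f"trimmed to {accepted[0]} characters on registration and login"
    if accepted:
        return f"trimmed to {accepted[0]} on registration only; full password fails"
    return "stored value matches no prefix of the password"


# Constructed 63-character printable-ASCII sample, same length as in the report.
SAMPLE = "".join(chr(33 + (7 * i) % 94) for i in range(63))
```

When login trims too, every password sharing the first 32 characters is accepted, so the effective strength is that of the prefix alone.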



#6

Most excellent damencho, thank you. I'm looking forward to knowing the
allowed password length along with any potential limitations in chosen
characters.

As for the captcha I have now tried on a computer that is not mine, from
a different network, in a different geographical location, and with
another Windows OS. Same result in several browsers. I simply cannot
create an account on jit.si on any system that I touch, not even on a
clean install of Windows.

However, I have also asked a friend of mine to try on his computer. It
worked for him! I really can't explain this, but if no one else can
reproduce the issue I agree that we should leave it for now.

···

On 07-05-2014 10:45, Damian Minkov wrote:
