[Fusionforge-general] fusionforge account password validation

Alain Peyrat aljeux at free.fr
Wed Aug 10 09:28:54 CEST 2016


Hi,

Also to consider that such validation should not occur when logins & passwords are managed via an external source like LDAP for example.

Alain.

----- Mail original -----
De: "Franck Villaume" <franck.villaume at trivialdev.com>
À: fusionforge-general at lists.fusionforge.org
Envoyé: Mercredi 10 Août 2016 07:31:09
Objet: Re: [Fusionforge-general] fusionforge account password validation

Le 08/08/2016 à 17:05, Matthieu Imbert a écrit :
> Hello,

Hi,

>
> Currently, there is no validation mechanism for user passwords, except 
> checking that they are at least 6 characters long. This allows very 
> weak passwords to be used, this can be a security issue.

In the master branch, password must be 8 characters long.

>
> We (inria) would like to add at least some basic password validation.

+1

>
> I've added simple password validation which ensures that passwords 
> contain at least one lower case letter, one upper case, one digit, and 
> one non-alphanumeric char. This is checked both when creating an 
> account or when changing an account's password. Additionally, as this 
> may cause some problems for particular fusionforge instances, I've 
> added a config option (check_password_strength boolean) to deactivate 
> this validation.
>
> patch attached.

Could you rebase your patch against latest master?
Then could you create a "feature request" artifact and attach your patch?

I will take a look after my vacation :-)
Meaning: end of August.


Regards,
Franck

-- 
TrivialDev Founder
http://trivialdev.com


_______________________________________________
Fusionforge-general mailing list
Fusionforge-general at lists.fusionforge.org
http://lists.fusionforge.org/cgi-bin/mailman/listinfo/fusionforge-general



More information about the Fusionforge-general mailing list