[Fusionforge-general] fusionforge account password validation
Alain Peyrat
aljeux at free.fr
Wed Aug 10 09:28:54 CEST 2016
Hi,
Also to consider that such validation should not occur when logins & passwords are managed via an external source like LDAP for example.
Alain.
----- Mail original -----
De: "Franck Villaume" <franck.villaume at trivialdev.com>
À: fusionforge-general at lists.fusionforge.org
Envoyé: Mercredi 10 Août 2016 07:31:09
Objet: Re: [Fusionforge-general] fusionforge account password validation
Le 08/08/2016 à 17:05, Matthieu Imbert a écrit :
> Hello,
Hi,
>
> Currently, there is no validation mechanism for user passwords, except
> checking that they are at least 6 characters long. This allows very
> weak passwords to be used, this can be a security issue.
In the master branch, password must be 8 characters long.
>
> We (inria) would like to add at least some basic password validation.
+1
>
> I've added simple password validation which ensures that passwords
> contain at least one lower case letter, one upper case, one digit, and
> one non-alphanumeric char. This is checked both when creating an
> account or when changing an account's password. Additionally, as this
> may cause some problems for particular fusionforge instances, I've
> added a config option (check_password_strength boolean) to deactivate
> this validation.
>
> patch attached.
Could you rebase your patch against latest master?
Then could you create a "feature request" artifact and attach your patch?
I will take a look after my vacation :-)
Meaning: end of August.
Regards,
Franck
--
TrivialDev Founder
http://trivialdev.com
_______________________________________________
Fusionforge-general mailing list
Fusionforge-general at lists.fusionforge.org
http://lists.fusionforge.org/cgi-bin/mailman/listinfo/fusionforge-general
More information about the Fusionforge-general
mailing list