Hi Laszlo, Any comments on the below? I agree adding 3 characters is a bug and willing to fix it.
In addition, Ian, I believe we should set a minimum allowed value for the config value vm.password.length. Any objections to setting the minimum to 8, the previous default? Thanks Amogh On 10/13/14 5:34 PM, "Ian Duffy" <i...@ianduffy.ie> wrote: >The only other usage of it is within >server/src/com/cloud/server/ConfigurationServerImpl.java >Its used for creating a Secondary storage vm copy password. > >I'm seeing absolutely no reason why we have 3 values going in no matter >what, I'm willing to say its a bug. I'm curious to why the tests are >written to deal with it though.... > >On 14 October 2014 00:26, Nux! <n...@li.nux.ro> wrote: > >> Well, it's a bit messy, but still better than the old password length. >> Ideally this should get clarified/fixed, but for now I am happy with my >> long+3 password! :) >> >> >> Cheers, >> Lucian >> >> -- >> Sent from the Delta quadrant using Borg technology! >> >> Nux! >> www.nux.ro >> >> ----- Original Message ----- >> > From: "Ian Duffy" <i...@ianduffy.ie> >> > To: "CloudStack Dev" <dev@cloudstack.apache.org> >> > Cc: "laszlo hornyak" <laszlo.horn...@gmail.com> >> > Sent: Monday, 13 October, 2014 19:54:53 >> > Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT >> >> > Hey Nux, >> > >> > So I passed this work off to a util class that was already present in >>the >> > code base "PasswordGenerator" >> > >> > @Override >> > public String generateRandomPassword() { >> > Integer passwordLength = >> > Integer.parseInt(_configDao.getValue("vm.password.length")); >> > return >>PasswordGenerator.generateRandomPassword(passwordLength); >> > } >> > >> > Not a clue why but the generateRandomPassword method creates a random >> > 3-character string first then loops through to generate n random >> characters. >> > >> > public static String generateRandomPassword(int num) { >> > Random r = new SecureRandom(); >> > StringBuilder password = new StringBuilder(); >> > >> > // Generate random 3-character string with a lowercase >>character, >> > // uppercase character, and a digit >> > >> > >> >>password.append(generateLowercaseChar(r)).append(generateUppercaseChar(r) >>).append(generateDigit(r)); >> > >> > // Generate a random n-character string with only lowercase >> > // characters >> > for (int i = 0; i < num; i++) { >> > password.append(generateLowercaseChar(r)); >> > } >> > >> > return password.toString(); >> > } >> > >> > The unit tests seem to accommodate for this aswell: >> > >> > // actual length is requested length + 3 >> > >> > >>Assert.assertTrue(PasswordGenerator.generateRandomPassword(0).length() == >> > 3); >> > >> > >>Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length() == >> > 4); >> > >> > I'm guessing there's some reasoning for this.... CCing Laszlo who >> according >> > to git log did some work on this class. >> > >> > Thanks, >> > >> > Ian >> > >> > On 13 October 2014 19:39, Nux! <n...@li.nux.ro> wrote: >> > >> >> Hello, >> >> >> >> First of all "THANKS!" to whoever made this feature happen (Ian I >> guess). >> >> Now we can set more secure passwords generated for our instances. >> >> >> >> Second, the feature works, but with a small glitch, the number seems >>to >> be >> >> affected by some sort of offset. I.e. if I set the password to be 15 >> chars >> >> in length then the generated password will actually be 18 chars. >> >> In order to get a 15 chars long passwd I had to set >>vm.password.length >> to >> >> 12. Bug or feature? :) >> >> >> >> >> >> Lucian >> >> >> >> -- >> >> Sent from the Delta quadrant using Borg technology! >> >> >> >> Nux! >> >> www.nux.ro >>