Hi Laszlo,
Any comments on the below? I agree adding 3 characters is a bug and
willing to fix it.
In addition, Ian, I believe we should set a minimum allowed value for the
config value vm.password.length. Any objections to setting the minimum to
8, the previous default?
Thanks
Amogh
On 10/13/14 5:34 PM, "Ian Duffy" <i...@ianduffy.ie> wrote:
>The only other usage of it is within
>server/src/com/cloud/server/ConfigurationServerImpl.java
>Its used for creating a Secondary storage vm copy password.
>
>I'm seeing absolutely no reason why we have 3 values going in no matter
>what, I'm willing to say its a bug. I'm curious to why the tests are
>written to deal with it though....
>
>On 14 October 2014 00:26, Nux! <n...@li.nux.ro> wrote:
>
>> Well, it's a bit messy, but still better than the old password length.
>> Ideally this should get clarified/fixed, but for now I am happy with my
>> long+3 password! :)
>>
>>
>> Cheers,
>> Lucian
>>
>> --
>> Sent from the Delta quadrant using Borg technology!
>>
>> Nux!
>> www.nux.ro
>>
>> ----- Original Message -----
>> > From: "Ian Duffy" <i...@ianduffy.ie>
>> > To: "CloudStack Dev" <dev@cloudstack.apache.org>
>> > Cc: "laszlo hornyak" <laszlo.horn...@gmail.com>
>> > Sent: Monday, 13 October, 2014 19:54:53
>> > Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
>>
>> > Hey Nux,
>> >
>> > So I passed this work off to a util class that was already present in
>>the
>> > code base "PasswordGenerator"
>> >
>> > @Override
>> > public String generateRandomPassword() {
>> > Integer passwordLength =
>> > Integer.parseInt(_configDao.getValue("vm.password.length"));
>> > return
>>PasswordGenerator.generateRandomPassword(passwordLength);
>> > }
>> >
>> > Not a clue why but the generateRandomPassword method creates a random
>> > 3-character string first then loops through to generate n random
>> characters.
>> >
>> > public static String generateRandomPassword(int num) {
>> > Random r = new SecureRandom();
>> > StringBuilder password = new StringBuilder();
>> >
>> > // Generate random 3-character string with a lowercase
>>character,
>> > // uppercase character, and a digit
>> >
>> >
>>
>>password.append(generateLowercaseChar(r)).append(generateUppercaseChar(r)
>>).append(generateDigit(r));
>> >
>> > // Generate a random n-character string with only lowercase
>> > // characters
>> > for (int i = 0; i < num; i++) {
>> > password.append(generateLowercaseChar(r));
>> > }
>> >
>> > return password.toString();
>> > }
>> >
>> > The unit tests seem to accommodate for this aswell:
>> >
>> > // actual length is requested length + 3
>> >
>> >
>>Assert.assertTrue(PasswordGenerator.generateRandomPassword(0).length() ==
>> > 3);
>> >
>> >
>>Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length() ==
>> > 4);
>> >
>> > I'm guessing there's some reasoning for this.... CCing Laszlo who
>> according
>> > to git log did some work on this class.
>> >
>> > Thanks,
>> >
>> > Ian
>> >
>> > On 13 October 2014 19:39, Nux! <n...@li.nux.ro> wrote:
>> >
>> >> Hello,
>> >>
>> >> First of all "THANKS!" to whoever made this feature happen (Ian I
>> guess).
>> >> Now we can set more secure passwords generated for our instances.
>> >>
>> >> Second, the feature works, but with a small glitch, the number seems
>>to
>> be
>> >> affected by some sort of offset. I.e. if I set the password to be 15
>> chars
>> >> in length then the generated password will actually be 18 chars.
>> >> In order to get a 15 chars long passwd I had to set
>>vm.password.length
>> to
>> >> 12. Bug or feature? :)
>> >>
>> >>
>> >> Lucian
>> >>
>> >> --
>> >> Sent from the Delta quadrant using Borg technology!
>> >>
>> >> Nux!
>> >> www.nux.ro
>>
