I am going to email a copy of that ebook to my client. I just want to let you all know I am also against doing this, but it is my client that wants it.
Thanks Sam L. On 04/01/2011 12:15 PM, Richard Morgan wrote: > My quick dig shows that this question was raised about a year ago - I'd > already done some looking into it, so I'll repost the same answer (apologies > as my original answer was posted on a Saturday with a beer in hand). > > I've since found that some updates to BX either reset this tweak or prevent > it completely, but it might be a nudge forwards. > > As a by the way, I once had a site compromised caused by user 'stephen' who > had a password of, yes, the same - the 2Gb hosting space was full of all > manner of iffy clutter. This was BQ though, not BX. I would never want > simple passwords on a live box - I only tweaked it for my local home/test > box. > > HTH > > Richard > > --- original post from April 2010 --- > > OK, I'll start with a disclaimer... strong password checking is a damn good > thing and the guys or girls that put it together did a mighty fine job at > helping to keep our boxes secure. > > However, if for some reason outside the realm of normal mortal thinking it > is necessary to disable it... try the following: > > su - > pico /usr/sausalito/ui/web/uifc/check_password.php > > There is a line that says: > > $password = $_POST["password"]; > > Directly under it and before the $dictionary... line, add the following to > overwrite the variable with a strong password. Such as: > > $password = "fl1pp1nL0ngP855w0rd"; > > Exit pico, save and password checking is disabled. It might get overwritten > during an update so don't be surprised if it suddenly works again. > > There's a good little ebook floating around called 'nix_intrusion.pdf' > (Google knows it). You might want to keep it handy :o) > > Hope this helps. > > Richard > > > > > ----- Original Message ----- > From: "Samuel Lentz"<[email protected]> > To: "BlueOnyx General Mailing List"<[email protected]> > Sent: Friday, April 01, 2011 3:46 PM > Subject: [BlueOnyx:06857] Re: Disable Strong Passwords > > >> On 04/01/2011 10:17 AM, Chris Gebhardt - VIRTBIZ Internet wrote: >>> Samuel Lentz wrote: >>>> I have done is once before but have forgotten how. >>>> >>>> Dose anyone know the location of the file that needs to be edited to >>>> disable strong passwords for users? >>> Just set everything to "password". That ought to fix it. :0 >>> >>> Honestly, the strong password requirement has been one of the best >>> implementations on the BlueOnyx project yet. I know it frustrates the >>> lazy, but it also helps to prevent them from allowing the box to get >>> compromised. >>> >>> Before you keep digging on the how-to, you really need to evaluate - >>> again - do you REALLY want to (because the only responsible answer is >>> that no, you do not.) >>> >> I am all for the strong passwords. I like the strong passwords. It is >> our client that needs the passwords to be week and puney. I did talks >> about it for about an hour that they insist on it. >> >> >> _______________________________________________ >> Blueonyx mailing list >> [email protected] >> http://www.blueonyx.it/mailman/listinfo/blueonyx > _______________________________________________ > Blueonyx mailing list > [email protected] > http://www.blueonyx.it/mailman/listinfo/blueonyx _______________________________________________ Blueonyx mailing list [email protected] http://www.blueonyx.it/mailman/listinfo/blueonyx
