I've already requested this in the bug tracker. Feel free to vote for it. It's been sitting there for five years though, so I wouldn't hold your breath :)
http://bugs.farcrycms.org/browse/FC-51 Deamon did however add a password hash, but I think they just used a standard md5 hash (which takes a whole .5 seconds to crack with a rainbow password DB - google around for any web-based one). The correct way to do it is with a random salt value (As I described in the feature request 5 years ago). Although the bug/feature request was closed and labeled "fixed", I'm sure someone could reopen it and request that it be fixed with a more solid solution. http://bugs.farcrycms.org/browse/FC-50 -- Jeff Coughlin Web Application Developer http://jeffcoughlin.com On May 10, 2010, at 11:25 AM, Phil Kemp wrote: > > Hi guys, > > I've been trying to work out how to make a user's password act a bit more > securely. I can't seem to work out where, if anywhere, I can add code that > will check, for example, the length, whether there are lower case letters, > numbers, etc. Has anyone else tried this before as I think it's an important > part of FarCry that is so far missing... unless it's been added to version 6 > (I'm running 5-2-2) > > Cheers, > Phil > -- > View this message in context: > http://old.nabble.com/User-Passwords-tp28512279s621p28512279.html > Sent from the FarCry - Dev mailing list archive at Nabble.com. > > -- > You received this message cos you are subscribed to "farcry-dev" Google group. > To post, email: [email protected] > To unsubscribe, email: [email protected] > For more options: http://groups.google.com/group/farcry-dev > -------------------------------- > Follow us on Twitter: http://twitter.com/farcry -- You received this message cos you are subscribed to "farcry-dev" Google group. To post, email: [email protected] To unsubscribe, email: [email protected] For more options: http://groups.google.com/group/farcry-dev -------------------------------- Follow us on Twitter: http://twitter.com/farcry
