URL:
  <http://gna.org/patch/?3386>

                 Summary: fcdb: move password policy from server to Lua script
                 Project: Freeciv
            Submitted by: jtn
            Submitted on: Sun Jul  8 15:19:08 2012
                Category: None
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: 

    _______________________________________________________

Details:

Currently, all of the password policy is buried in the Freeciv server code,
but it seems like something a server operator might well want to customise.
For instance, the following are hardcoded in is_good_password():
* Minimum length 6 characters
* Restrictions on characters to printable and not certain kinds of
punctuation
* The server can enforce a minimum number of capital or numeric characters,
but right now it doesn't and requires a recompile to do so.

It seems to me that it would be better to move this sort of policy out from
is_good_password() etc into database.lua where it can be customised.

(This would mean the script handling plaintext passwords rather than MD5
hashes, but I'm fine with that. The script would probably also need access to
a MD5 and possibly other hash functions, but that should be achievable.)

(Other aspects like the number of retries -- currently 3 -- could in theory be
customisable, but that would require more state in the script.)




    _______________________________________________________

Reply to this item at:

  <http://gna.org/patch/?3386>

_______________________________________________
  Message sent via/by Gna!
  http://gna.org/


_______________________________________________
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev

Reply via email to