Hi, Also to consider that such validation should not occur when logins & passwords are managed via an external source like LDAP for example.
Alain. ----- Mail original ----- De: "Franck Villaume" <franck.villa...@trivialdev.com> À: fusionforge-general@lists.fusionforge.org Envoyé: Mercredi 10 Août 2016 07:31:09 Objet: Re: [Fusionforge-general] fusionforge account password validation Le 08/08/2016 à 17:05, Matthieu Imbert a écrit : > Hello, Hi, > > Currently, there is no validation mechanism for user passwords, except > checking that they are at least 6 characters long. This allows very > weak passwords to be used, this can be a security issue. In the master branch, password must be 8 characters long. > > We (inria) would like to add at least some basic password validation. +1 > > I've added simple password validation which ensures that passwords > contain at least one lower case letter, one upper case, one digit, and > one non-alphanumeric char. This is checked both when creating an > account or when changing an account's password. Additionally, as this > may cause some problems for particular fusionforge instances, I've > added a config option (check_password_strength boolean) to deactivate > this validation. > > patch attached. Could you rebase your patch against latest master? Then could you create a "feature request" artifact and attach your patch? I will take a look after my vacation :-) Meaning: end of August. Regards, Franck -- TrivialDev Founder http://trivialdev.com _______________________________________________ Fusionforge-general mailing list Fusionforge-general@lists.fusionforge.org http://lists.fusionforge.org/cgi-bin/mailman/listinfo/fusionforge-general _______________________________________________ Fusionforge-general mailing list Fusionforge-general@lists.fusionforge.org http://lists.fusionforge.org/cgi-bin/mailman/listinfo/fusionforge-general
