epugh commented on code in PR #4477:
URL: https://github.com/apache/solr/pull/4477#discussion_r3328757084
##########
solr/core/src/java/org/apache/solr/security/Sha256AuthenticationProvider.java:
##########
@@ -93,6 +93,7 @@ public void init(Map<String, Object> pluginConfig) {
@Override
public boolean authenticate(String username, String password) {
+ if (username.equals(password)) return false;
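Review bot: The added first line of authenticate() calls username.equals(password) with no null guard, so a null username throws a NullPointerException instead of failing authentication; Objects.equals(username, password) or an explicit null check avoids that. The rejection is also silent and happens at login rather than where credentials are set, so an existing account whose password matches its username stops authenticating with no log line or documented reason. Consider logging the cause, documenting the behaviour change, and enforcing the rule when the password is stored.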
Review Comment:
I don't think us deciding what makes a good password or not is really up to
us. I know other projects have made the rules tighter as well, but just feels
like if we don't provide a really robust "this is how we let you define what
password security you need to follow" that it's just a slippery slope of "never
enough". How long a password should be? Should we require special
characters? Can you reuse an old password? If I want "admin:admin", well so
be it. Having said all that, I may be in the minority here.