https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617
--- Comment #18 from David Cook <[email protected]> ---
(In reply to Fridolin SOMERS from comment #16)
> > However Javascript doesn't seem to support POSIX
> Ah ok good point.
>
> But why are öäåÄÖÅ not in :
> if ( password_policy == 'complex' ){
> chars =
> '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ|[]{}!
> @#$%^&*()_-+?';
>
> In my opinion, for a heavy international software like Koha you may stick to
> [a-zA-Z] as the only alphabetic characters.
>
> Or create lang-based policies complex-en, complex-fi ...

Based on my earlier comment, especially regarding Red Hat's Keycloak password policies, I think that limiting to '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ|[]{}!@#$%^&*()_-+?' might not be wise for a "complex" policy.

Look at pam_cracklib too which is used by massive international Linux providers (https://linux.die.net/man/8/pam_cracklib and https://github.com/linux-pam/linux-pam/blob/master/modules/pam_cracklib/pam_cracklib.c). There complexity is determined by "minlen, maxclassrepeat, dcredit, ucredit, lcredit, and ocredit".

Looking at https://github.com/linux-pam/linux-pam/blob/master/modules/pam_cracklib/pam_cracklib.c, it looks like the ctype library includes functions for isupper, islower, isdigit, etc. "ocredit" for "other characters" is just whatever isn't a digit, uppercase letter, or lowercase letter.

The Javascript would be more verbose, but it should be doable using a similar algorithm. Chinese is probably still an issue if your password policy has uppercase and lowercase requirements, but that's probably why there are so many Chinese ASCII passwords as per my previous post, but Latin characters with diacritics should be fine using this kind of complexity.

But... that's just my 2 cents. I'm not the one writing this patch. I also haven't extensively tested it, so maybe I'm missing the current point of the conversation.

--
You are receiving this mail because:
You are watching all bug changes.
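
Added example, not part of the original comment and not code from Koha or pam_cracklib: a JavaScript version of the character-class counting described above, covering minlen and the four credit options with the credit meaning given in the pam_cracklib man page. The names countClasses, checkPolicy and samplePolicy are hypothetical, and Unicode property escapes stand in for the C ctype functions as an assumption.

```javascript
// Classify each character as digit / uppercase / lowercase / other.
// "other" is simply whatever is not one of the first three classes.
function countClasses(password) {
  const counts = { digit: 0, upper: 0, lower: 0, other: 0, length: 0 };
  // for...of iterates by code point, so astral characters count once.
  for (const ch of password) {
    counts.length++;
    if (/\p{Nd}/u.test(ch)) counts.digit++;
    else if (/\p{Lu}/u.test(ch)) counts.upper++;   // includes Ä, Ö, Å
    else if (/\p{Ll}/u.test(ch)) counts.lower++;   // includes ä, ö, å
    else counts.other++; // symbols, spaces, caseless scripts such as CJK
  }
  return counts;
}

// Credit semantics as documented for pam_cracklib:
//   credit < 0  -> at least |credit| characters of that class are required
//   credit >= 0 -> each such character, up to credit, lowers the needed length
function checkPolicy(password, policy) {
  const c = countClasses(password);
  const failures = [];
  let needed = policy.minlen;
  const classes = [['digit', policy.dcredit], ['upper', policy.ucredit],
                   ['lower', policy.lcredit], ['other', policy.ocredit]];
  for (const [cls, credit] of classes) {
    if (credit < 0) {
      if (c[cls] < -credit) failures.push(`need at least ${-credit} ${cls}`);
    } else {
      needed -= Math.min(c[cls], credit);
    }
  }
  if (c.length < needed) failures.push(`too short: ${c.length} < ${needed}`);
  return { ok: failures.length === 0, failures, counts: c };
}

// Constructed policy for illustration (not Koha's settings):
// 8+ characters with at least one digit, one uppercase, one lowercase.
const samplePolicy = { minlen: 8, dcredit: -1, ucredit: -1, lcredit: -1, ocredit: 0 };
```

With samplePolicy, a password using ä and Ä passes on its letters alone, while a password of CJK characters plus a digit fails the uppercase and lowercase requirements, which is the caseless-script issue raised in the comment.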
