Re: [qmailtoaster] password complexity and length

[Gary Bowling]

Thanks, I made the modifications and I get the note in qmailadmin and it lists whether my password is weak,strong,etc. However, it still allows me to put in a non-secure password and accepts it. How do I make it "fail" on a password that doesn't meet the requirements? By the way, I think this should be the default in the qmailadmin code. Thanks, Gary On 4/5/2018 10:04 AM, Jeff Koch wrote: Sorry - I left out this piece of code - goes right before the code that says password2. It's been 10 years since we looked at this.                                 <tr>                                   <td align="right" class="style1">##X110:</td>                                   <td align="left" class="style1">                                     <input type="password" name="password1" maxlength=128 size=16 id="pass" _onkeyup_="passwordStrength(this.value)">                                   </td>                                 </tr> Jeff On 4/5/2018 9:55 AM, Jeff Koch wrote: Hi Gary: Only affects new passwords entered in mod_user.html. You'll need to add similar _javascript_.to 'add_user.html'. You can do the same in squirrelmail if you can find the correct place to slug in the _javascript_. The code analyzes text entered in the input field  'password' and grays out the submit button until the password meets the test criteria. It's pretty basic code and I'm sure _javascript_ experts could do a lot to improve it and give more clues to the users. Once of the problems with messing with the templates is that there is no table defining the hash mark codes like ##tt ##tu ##X251. If anyone has a cheat sheet please share. Jeff On 4/5/2018 7:42 AM, Gary Bowling wrote: Thanks Jeff. Just to make sure, if I do that edit it doesn't affect any existing passwords? Only inputting any new passwords or changing any passwords? Also, I guess a user can still change their password via squirrelmail and bypass these rules? That rarely happens on my server, but just want to make sure I understand. Thanks, Gary On 4/4/2018 11:03 PM, Jeff Koch wrote: You can insert _javascript_ password rules in the html code templates for qmailadmin. Here's a simple password strength _javascript_ that goes in the top of mod_user.html <script> function passwordStrength(password) {         var desc = new Array();         desc[0] = "Very Weak";         desc[1] = "Weak";         desc[2] = "Better";         desc[3] = "Medium";         desc[4] = "Strong";         desc[5] = "Strongest";         var score   = 0;         //if password bigger than 7 give 1 point         if (password.length > 7) score++;         //if password has both lower and uppercase characters give 1 point         if ( ( password.match(/[a-z]/) ) && ( password.match(/[A-Z]/) ) ) score++;         //if password has at least one number give 1 point         if (password.match(/\d+/)) score++;         //if password has at least one special characther give 1 point         if ( password.match(/.[!,@,#,$,%,^,&,*,?,_,~,-,(,)]/) ) score++;         //if password bigger than 12 give another 1 point         if (password.length > 12) score++;          document.getElementById("passwordDescription").innerHTML = desc[score];          document.getElementById("passwordStrength").className = "strength" + score;          if (score > 2 ) {            document.getElementById("btnSubmit").disabled = false;          }else{            document.getElementById("btnSubmit").disabled = true;          }          return score; } </script> then further along in the code we have:                                   <td align="left" class="style1">                                     <input type="password" name="password2" maxlength=128 size=16>                                   </td>                                 </tr>                       <tr>                         <td align=right><span class="style1">Password strength:</span></td>                         <td align="left"><span class="style1"><div id="passwordDescription">Password not entered</div></td>                       </tr>                       <tr>                         <td align=right><span class="style1"></span></td>                         <td align="left"><span class="style1">                         <div id="passwordStrength" class="strength0"></div>                         <br>                         </td>                       </tr> <tr><td colspan=2 align=left> <span class="style1">Passwords must be at least eight characters and include three of the following four types: upper case letters, lower case letters, numbers and special characters.</span> </td></tr> Regards, Jeff On 4/4/2018 6:51 PM, Gary Bowling wrote: Last time I checked it was either not possible or not easy to implement password rules one the toaster. But that was a long time ago. Has anything changed in that regard? -- ____________________ Gary Bowling --------------------------------------------------------------------- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com --------------------------------------------------------------------- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com --------------------------------------------------------------------- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com