[Freeciv-Dev] [patch #3386] fcdb: move password policy from server to Lua script

2017-05-13 Thread Marko Lindqvist 
Update of patch #3386 (project freeciv):

Category:None => general
  Status:None => Duplicate  
 Assigned to:None => cazfi  
 Open/Closed:Open => Closed 

___

Follow-up Comment #2:

Handled at hostedredmine: https://www.hostedredmine.com/issues/660267

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev

[Freeciv-Dev] [patch #3386] fcdb: move password policy from server to Lua script

2012-07-08 Thread Jacob Nevins 
Follow-up Comment #1, patch #3386 (project freeciv):

> The script would probably also need access to a MD5 and possibly 
> other hash functions, but that should be achievable.
Since I've had a quick look: MD5 is not in the Lua standard library, but
there's a third-party implementation .
However, it also comes with 56bit DES. We don't need it, but if we include it,
are we going to start having to faff with export control?
We could include it but chop out the DES (and provide a --use-system-lua-md5
for Debianistas).
Alternatively we could expose the current C implementation, but that only
exists in the server for auth anyway, and getting rid of it would remove a
warning (bug #18872).

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev

[Freeciv-Dev] [patch #3386] fcdb: move password policy from server to Lua script

2012-07-08 Thread Jacob Nevins 
URL:
  

 Summary: fcdb: move password policy from server to Lua script
 Project: Freeciv
Submitted by: jtn
Submitted on: Sun Jul  8 15:19:08 2012
Category: None
Priority: 5 - Normal
  Status: None
 Privacy: Public
 Assigned to: None
Originator Email: 
 Open/Closed: Open
 Discussion Lock: Any
 Planned Release: 

___

Details:

Currently, all of the password policy is buried in the Freeciv server code,
but it seems like something a server operator might well want to customise.
For instance, the following are hardcoded in is_good_password():
* Minimum length 6 characters
* Restrictions on characters to printable and not certain kinds of
punctuation
* The server can enforce a minimum number of capital or numeric characters,
but right now it doesn't and requires a recompile to do so.

It seems to me that it would be better to move this sort of policy out from
is_good_password() etc into database.lua where it can be customised.

(This would mean the script handling plaintext passwords rather than MD5
hashes, but I'm fine with that. The script would probably also need access to
a MD5 and possibly other hash functions, but that should be achievable.)

(Other aspects like the number of retries -- currently 3 -- could in theory be
customisable, but that would require more state in the script.)




___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev