Ticket #5404 (closed enhancement: duplicate)

Opened 9 months ago

Last modified 8 months ago

Add pluggable function to enforce password strength

Reported by: pishmishy Assigned to: pishmishy
Priority: normal Milestone:
Component: Security Version:
Severity: normal Keywords: has-patch
Cc:

Description

Patch adds an extra option (disabled by default) to force users to choose secure passwords. A plugin-replaceable function is called at the appropriate time to check the strength of the password. I realize that this functionality could be achieved through a plugin, but I'd like to make the case that the extra security gained against brute force attacks makes it worth including. See also #4470 (ideally I should really rewrite the function to replicate that JavaScript function).

Attachments

5404.patch (3.8 kB) - added by pishmishy on 11/30/07 15:25:29.

Change History

11/30/07 15:25:29 changed by pishmishy

  • attachment 5404.patch added.

12/04/07 13:31:42 changed by pishmishy

  • keywords set to has-patch.

Ignore my comment on #4470. With afterthought, I don't think that JavaScript function is great. checkRepetition() isn't well documented, the algorithm isn't clear (why check for symbols, numbers and then again for symbols and numbers - surely the score would take that into account naturally?).

Preferring my patch for now.

12/19/07 14:25:05 changed by pishmishy

  • status changed from new to assigned.

12/20/07 01:37:31 changed by darkdragon

Well, since you are doing this, then ignore my other comment.

01/03/08 09:14:35 changed by JDTrower

A patch has been posted on #4470 that includes the functionality requested in this ticket. That patch needs testing.

01/03/08 15:34:00 changed by pishmishy

  • status changed from assigned to closed.
  • resolution set to duplicate.
  • milestone deleted.

Thanks. Closing as duplicate of 4470.