[Koha-bugs] [Bug 30605] New: New password should be more than just unequal to old password

bugzilla-daemon at bugs.koha-community.org
Mon Apr 25 14:01:39 CEST 2022


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30605

            Bug ID: 30605
           Summary: New password should be more than just unequal to old
                    password
 Change sponsored?: ---
           Product: Koha
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: Authentication
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: m.de.rooy at rijksmuseum.nl
        QA Contact: testopia at bugs.koha-community.org
                CC: dpavlin at rot13.org

From a comment on bug 29925:

If my password was 123Jim+1, and I just change to 123Jim+2, or change 3Jim at abc
to 4Jim at abc, could we refuse such changes?
Look for some 'large enough' string that they have in common or so?
Or compare the number of positions where they are different?

Note that it might be possible to move such code into a check_password plugin,
but we would need the old and new password when calling ->set_password.

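The two ideas floated in the report above (a "large enough" common string, and the number of positions that differ) can be sketched as a stand-alone Perl check; this is an added example, not Koha code or a patch from the bug. It generalizes "positions that differ" to Levenshtein edit distance so that inserted or deleted characters are also caught, and it needs the old password in plaintext, so it can only run at the moment the user has supplied both. The function names and both default thresholds are assumptions chosen for illustration.

```perl
use strict;
use warnings;
use List::Util qw(min);

# One pass over the comparison grid yields both measures:
# the edit distance and the longest run of characters shared by both strings.
sub similarity {
    my @s = split //, $_[0];
    my @t = split //, $_[1];
    my @dist = (0 .. scalar @t);    # previous edit-distance row
    my @run  = (0) x (@t + 1);      # previous common-run row
    my $best = 0;
    for my $i (1 .. scalar @s) {
        my @d = ($i);
        my @r = (0) x (@t + 1);
        for my $j (1 .. scalar @t) {
            my $same = $s[$i - 1] eq $t[$j - 1];
            push @d, min($dist[$j] + 1, $d[$j - 1] + 1, $dist[$j - 1] + ($same ? 0 : 1));
            next unless $same;
            $r[$j] = $run[$j - 1] + 1;
            $best  = $r[$j] if $r[$j] > $best;
        }
        @dist = @d;
        @run  = @r;
    }
    return ($dist[-1], $best);
}

# Returns a reason when $new is too close to $old, undef when it is acceptable.
# Defaults (4 edits, half of the shorter password) are illustrative assumptions.
sub too_similar {
    my ($old, $new, $min_edits, $max_shared) = @_;
    # Compare lower-cased copies so a case-only change counts as no change.
    my ($edits, $run) = similarity(lc($old), lc($new));
    return "only $edits edit(s) from the old password" if $edits < ($min_edits // 4);
    my $shorter = min(length($old), length($new));
    return "repeats $run consecutive characters of the old password"
        if $shorter && $run / $shorter > ($max_shared // 0.5);
    return;
}

# The first pair is the example from the bug report; the others are constructed.
for my $pair (['123Jim+1', '123Jim+2'], ['Summer2021!Lib', 'Lib!Summer2022'],
              ['correct-horse-7', 'Violet!Tram=93']) {
    printf "%-16s -> %-16s %s\n", @$pair, too_similar(@$pair) // 'accepted';
}
```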