https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18298 --- Comment #24 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- (In reply to Marcel de Rooy from comment #23)
(In reply to Jonathan Druart from comment #20)
I am in discussion with the sponsor about the special character. In any cases that will be dealt on another bug report. Well, I have quite a strong opinion on that one..
In any cases I would prefer to deal with it on another bug report. Actually my concern is that some people could find it is a too strong requirement. Indeed you can have a very strong password without any special characters. It could lead to user frustration. And libraries will turn it off.
"Now that we have a check client-side, nothing prevents us from a smart guy to bypass it and force an invalid password." And this is an issue. How do you want to resolve that one?
Hum? I added server-side checks everywhere. If so, the commit message is confusing.
It says: "Now that we have a check client-side, nothing prevents us from a smart guy to bypass it and force an invalid password. This patch adds two new subroutines to Koha::AuthUtils to check the validity of passwords and generate a password server-side." -- You are receiving this mail because: You are watching all bug changes.