https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30605 Bug ID: 30605 Summary: New password should be more than just unequal to old password Change sponsored?: --- Product: Koha Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Authentication Assignee: koha-bugs@lists.koha-community.org Reporter: m.de.rooy@rijksmuseum.nl QA Contact: testopia@bugs.koha-community.org CC: dpavlin@rot13.org
From a comment on bug 29925:
If my password was 123Jim+1, and I just change to 123Jim+2, or change 3Jim@abc to 4Jim@abc, could we refuse such changes? Look for some 'large enough' string that they have in common or so? Or compare the number of positions where they are different? Note that it might be possible to move such code into a check_password plugin, but we would need the old and new password when calling ->set_password. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.