[Koha-bugs] [Bug 18298] Enforce password complexity

bugzilla-daemon at bugs.koha-community.org
Tue Mar 21 14:35:36 CET 2017


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18298

--- Comment #23 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
(In reply to Jonathan Druart from comment #20)
> I am in discussion with the sponsor about the special character. In any
> case that will be dealt with on another bug report.
Well, I have quite a strong opinion on that one..

> > I saw several constructs like:
> > my $minpw = C4::Context->preference('minPasswordLength');
> > $minpw = 3 if not $minpw or $minpw < 3;
> > We could call a function in C4/Auth to get the password length and not check
> > the pref everywhere. And increase 3 of course.
> 
> See the whole patch set, this is fixed in the last patch.
OK, sorry, I didn't see.

> > "Now that we have a check client-side, nothing prevents us from a smart guy to
> > bypass it and force an invalid password."
> > And this is an issue. How do you want to resolve that one?
> 
> Hum? I added server-side checks everywhere.
If so, the commit message is confusing.
