[Koha-bugs] [Bug 18298] Enforce password complexity
bugzilla-daemon at bugs.koha-community.org
Tue Mar 21 14:43:59 CET 2017
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18298
--- Comment #24 from Jonathan Druart <jonathan.druart at bugs.koha-community.org> ---
(In reply to Marcel de Rooy from comment #23)
> (In reply to Jonathan Druart from comment #20)
> > I am in discussion with the sponsor about the special character. In any
> > case that will be dealt with on another bug report.
> Well, I have quite a strong opinion on that one..
In any case I would prefer to deal with it on another bug report.
Actually my concern is that some people could find it too strong a
requirement.
Indeed you can have a very strong password without any special characters. It
could lead to user frustration.
And libraries will turn it off.
> > > "Now that we have a check client-side, nothing prevents us from a smart guy
> > > to bypass it and force an invalid password."
> > > And this is an issue. How do you want to resolve that one?
> >
> > Hum? I added server-side checks everywhere.
> If so, the commit message is confusing.
It says: "Now that we have a check client-side, nothing prevents us from a
smart guy to bypass it and force an invalid password.
This patch adds two new subroutines to Koha::AuthUtils to check the
validity of passwords and generate a password server-side."