[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe

bugzilla-daemon at bugs.koha-community.org
Mon Jul 6 03:27:03 CEST 2020


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011

David Cook <dcook at prosentient.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dcook at prosentient.com.au

--- Comment #20 from David Cook <dcook at prosentient.com.au> ---
I think that sending the securePasswordPattern is not a good idea, as it's not
the API consumer's job to handle the password. Sending "code" and
"securePasswordLabel" is fine as that communicates the message from Koha to the
API consumer.

On my TODO list, I'm actually planning more complex password security than just
a regex. I want to add a customizable list of passwords that users cannot use
(e.g. "password", "123456", "Password1", "koha", etc).

We could also add rules like the password and username cannot match. 

These aren't "patterns" per se, but would rather be communicated by "code" and
"securePasswordLabel" I think.

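The approach described in comment #20, sketched as an added example that is not Koha's code and not part of the original comment: the server evaluates every rule itself (deny list, username match, pattern) and returns only "code" and "securePasswordLabel", never the pattern. The rule codes, labels, pattern and the `password_alert` function are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical policy settings, constructed for this example (not Koha's own).
my $secure_pattern = qr/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}$/;
my %denied = map { lc($_) => 1 } qw(password 123456 Password1 koha);

# Each rule: [ code, label, test that returns true when the password FAILS ].
# Codes and labels are hypothetical. The deny list runs first because an
# entry such as "Password1" satisfies the pattern and would otherwise pass.
my @rules = (
    [ 'PasswordDenied',
      'This password is on the list of passwords that cannot be used.',
      sub { my ( $user, $pw ) = @_; return exists $denied{ lc($pw) } } ],
    [ 'PasswordMatchesUsername',
      'The password and username cannot match.',
      sub { my ( $user, $pw ) = @_; return lc($pw) eq lc($user) } ],
    [ 'PasswordTooWeak',
      'Use at least 8 characters with upper case, lower case and a digit.',
      sub { my ( $user, $pw ) = @_; return $pw !~ $secure_pattern } ],
);

# Returns a hashref holding only "code" and "securePasswordLabel" for the
# first rule that fails, or undef when the password passes every rule.
# The pattern and the deny list stay on the server side.
sub password_alert {
    my ( $username, $password ) = @_;
    for my $rule (@rules) {
        my ( $code, $label, $fails ) = @$rule;
        next unless $fails->( $username, $password );
        return { code => $code, securePasswordLabel => $label };
    }
    return undef;
}

# Constructed sample credentials.
my @samples = (
    [ 'jsmith',       'Password1' ],               # denied, yet matches the pattern
    [ 'LibraryUser9', 'libraryuser9' ],            # same as username, ignoring case
    [ 'jsmith',       'summer' ],                  # fails the pattern
    [ 'jsmith',       'c0rrect-Horse-staple' ],    # passes every rule
);
for my $sample (@samples) {
    my ( $user, $pw ) = @$sample;
    my $alert = password_alert( $user, $pw );
    printf "%-13s %s\n", $user,
        $alert ? "$alert->{code}: $alert->{securePasswordLabel}" : 'no alert';
}
```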