[Koha-bugs] [Bug 25934] RequireStrongPassword should be more complex (password policy complexity)
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Jul 8 04:04:01 CEST 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25934
--- Comment #5 from David Cook <dcook at prosentient.com.au> ---
(In reply to Katrin Fischer from comment #3)
> I think a stronger default for new installations should be agreeable, but we
> can't change behaviour for existing ones.
That's a good point, although it would be good to force users to change their
passwords after policy changes. So libraries with knowledgeable administrators
could update their existing installations to more secure settings.
(In reply to George Williams (NEKLS) from comment #4)
Those are interesting points.
>From my perspective as a vendor/sysadmin, I'd prefer to mandate strong security
across the board to give the library the best protection. But from the library
perspective, I can understand wanting flexibility.
>From the vendor perspective, so long as there isn't a bug that can compromise
the underlying server, then I suppose the onus is on the library to manage
their own application security settings.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list