[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Sep 30 02:46:57 CEST 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617
--- Comment #21 from David Cook <dcook at prosentient.com.au> ---
The following is incomplete but could be useful for testing individual
characters (you'd just have to iterate through the password string).
Tangentially, Chinese characters will pass both the "is_upper" and "is_lower"
case tests. In terms of pam_cracklib, it seems that Chinese characters would
give uppercase credits but not lowercase credits (since a character can only be
classed with 1 class).
Unfortunately, special characters also pass the "is_upper" and "is_lower"
tests, so that algorithm isn't really good enough. THat said, C implementations
for isupper is super problematic too as they're ASCII based...
(https://git.musl-libc.org/cgit/musl/tree/include/ctype.h).
But I guess that goes back to supporting ASCII-only passwords...
<html>
<head>
<script>
function is_upper(value){
var is_upper = false;
if (value.toUpperCase() === value){
is_upper = true;
}
return is_upper;
}
function is_lower(value){
var is_lower = false;
if (value.toLowerCase() === value){
is_lower = true;
}
return is_lower;
}
function is_digit(value){
return /\d/.test(value);
}
alert(is_lower('?'));
/*
alert(is_digit('A'));
alert(is_digit('1'));
alert(is_lower('我'));
alert(is_lower('ä'));
alert(is_lower('Ä'));
*/
</script>
</head>
</html>
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list