Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-24392

Add password validation when users can set their password

    XMLWordPrintable

    Details

    • Type: Feature Request
    • Status: CLOSED
    • Priority: Major
    • Resolution: Non-Issue
    • Affects Version/s: 10.0
    • Fix Version/s: None
    • Labels:
      None
    • Property addition/change required:
      Yes
    • Previous Issue Keys:
      RES-54

      Description

      If a user is validating their account, when they fill out the password fields, anything gets accepted (ie. their password can be "a").

      This patch adds a sakai.property:
      account-validator.validate.passwords=[true|false]

      When true, it uses an algorithm from OWASP ESAPI to determine if there is sufficient entropy, and also ensures that it differs enough from the user's eid

        Gliffy Diagrams

          Zeplin

            Attachments

            1. RES-54.patch
              6 kB
            2. RES-54.patch
              5 kB
            3. RES-54.patch
              5 kB
            4. RES-54.patch
              13 kB
            5. RES-54.patch
              18 kB

              Issue Links

                Activity

                  People

                  Assignee:
                  aaronz Aaron Zeckoski (Inactive)
                  Reporter:
                  bbailla2 Brian Baillargeon
                  Votes:
                  0 Vote for this issue
                  Watchers:
                  7 Start watching this issue

                    Dates

                    Created:
                    Updated:
                    Resolved:

                      Git Integration