|
From: SourceForge.net <no...@so...> - 2007-12-17 00:40:25
|
Feature Requests item #1785513, was opened at 2007-08-31 13:15 Message generated for change (Comment added) made by amsys You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=1785513&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: suprune (suprune) Assigned to: Nobody/Anonymous (nobody) Summary: Password and username restrictions Initial Comment: A user can change its password, and a domain administrator can set the password of a user. It would be nice if there were the following parameters in config.inc.php: password minimum length; and/or characters a password may contain, e.g. a regular expression for a password, like this: "!^[\\x21-\\x7E]{3,}$!" The same thing is desired for the users' names. Thanks. ---------------------------------------------------------------------- Comment By: amsys (amsys) Date: 2007-12-17 01:40 Message: Logged In: YES user_id=1299438 Originator: NO Maybe it will be nice to fix that nice red-to-green js password strength checker ;-) ---------------------------------------------------------------------- Comment By: suprune (suprune) Date: 2007-10-08 13:53 Message: Logged In: YES user_id=1868725 Originator: YES > Minimum password length is implemented in the latest SVN version > as config option. Thanks. > Checking the password against a RegEx shouldn't be too hard to implement, > but I'm not sure if we really need it. I believe the non-ASCII administrators (like me, a Russian speaking man) would like to prevent their users to set passwords containing non-acsii characters. There are at least 3 different code pages for Russian characters, and one never knows how the password is encoded when it arrives to the postfixadmin scripts. Besides, a space (0x20) is not always convenient as a possible character of a password. A regEx seems to be the best way to check a password, including a check against minimum and maximum lengths. ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2007-10-07 20:49 Message: Logged In: YES user_id=593261 Originator: NO Status: Minimum password length is implemented in the latest SVN version as config option. Checking the password against a RegEx shouldn't be too hard to implement, but I'm not sure if we really need it. Usernames always have to be (valid) mail addresses and are already checked. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=1785513&group_id=191583 |
