portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Svee (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] Created: (JS2-548) Extending password policy to require alternate characters (eg 2 numbers along with 4 letters) will fail on auto-password generation for new user registration
Date Wed, 21 Jun 2006 20:22:34 GMT
Extending password policy to require alternate characters (eg 2 numbers along with 4 letters)
will fail on auto-password generation for new user registration
-------------------------------------------------------------------------------------------------------------------------------------------------------------

         Key: JS2-548
         URL: http://issues.apache.org/jira/browse/JS2-548
     Project: Jetspeed 2
        Type: Bug

  Components: Security  
    Versions: 2.0-FINAL    
 Environment: All environments
    Reporter: Brad Svee
    Priority: Minor


The class org.apache.jetspeed.administration.AdminUtil in the Portal component has a generatePassword
method that is used by the registration portlet to create an auto-generated password for new
user registration. However that funtionality doesn't take into account any additional password
policy requirements, for example requiring at least 2 numbers in addition to several letters,
in this case, probability allows for a high success rate on succesfully generating proper
passwords, but sometimes it will fail generating a password without any numbers.  Additionally,
the password policy to require a "funny" character #$@% will never allow a generated password
to be created, because those characters are not in the password seed set.   Eventually it
would be nice to expose the password policy to the administration bean and generate new passwords
with the password policy configuration in mind.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message