portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ate Douma (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] Assigned: (JS2-548) Extending password policy to require alternate characters (eg 2 numbers along with 4 letters) will fail on auto-password generation for new user registration
Date Tue, 02 Mar 2010 20:21:27 GMT

     [ https://issues.apache.org/jira/browse/JS2-548?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Ate Douma reassigned JS2-548:
-----------------------------

    Assignee: Ate Douma

> Extending password policy to require alternate characters (eg 2 numbers along with 4
letters) will fail on auto-password generation for new user registration
> -------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: JS2-548
>                 URL: https://issues.apache.org/jira/browse/JS2-548
>             Project: Jetspeed 2
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 2.0-FINAL
>         Environment: All environments
>            Reporter: Brad Svee
>            Assignee: Ate Douma
>            Priority: Minor
>             Fix For: 2.2.1
>
>
> The class org.apache.jetspeed.administration.AdminUtil in the Portal component has a
generatePassword method that is used by the registration portlet to create an auto-generated
password for new user registration. However that funtionality doesn't take into account any
additional password policy requirements, for example requiring at least 2 numbers in addition
to several letters, in this case, probability allows for a high success rate on succesfully
generating proper passwords, but sometimes it will fail generating a password without any
numbers.  Additionally, the password policy to require a "funny" character #$@% will never
allow a generated password to be created, because those characters are not in the password
seed set.   Eventually it would be nice to expose the password policy to the administration
bean and generate new passwords with the password policy configuration in mind.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message