[overlord-issues] [JBoss JIRA] (SRAMP-384) Add validation for password in overlord commons installer

David virgil naranjo (JIRA) issues at jboss.org
Wed Apr 23 04:26:33 EDT 2014


    [ https://issues.jboss.org/browse/SRAMP-384?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12963188#comment-12963188 ] 

David virgil naranjo commented on SRAMP-384:
--------------------------------------------

install-admin-user:
     [echo] 
     [echo] !!!!!!!!!!!!!!!!!!!!!!!!!!!!!
     [echo] !    User Input Required    !
     [echo] !!!!!!!!!!!!!!!!!!!!!!!!!!!!!
     [echo] 
	Please enter a password for the Overlord 'admin' user: 
	Please write again the password: 

 * Error * 
JBAS015238: Username must not match the password.

	Please enter a password for the Overlord 'admin' user: 
	Please write again the password: 

 * Error *
The passwords you introduced do not match each other. Please write them again.
	Please enter a password for the Overlord 'admin' user: 
	Please write again the password: 

 * Error * 
JBAS015269: Password must have at least '8' characters!

	Please enter a password for the Overlord 'admin' user: 
	Please write again the password: 

 * Error * 
JBAS015267: Password must have at least one non-alphanumeric symbol.

	Please enter a password for the Overlord 'admin' user: 
	Please write again the password: 

                
> Add validation for password in overlord commons installer
> ---------------------------------------------------------
>
>                 Key: SRAMP-384
>                 URL: https://issues.jboss.org/browse/SRAMP-384
>             Project: S-RAMP
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>            Reporter: Eric Wittmann
>            Assignee: David virgil naranjo
>             Fix For: 0.5.0 - API Management
>
>
> Currently the overlord commons installer is responsible for doing all security related work.  This includes creating the overlord 'admin' user and configuring a password for this user.  The installer prompts the user for this password and then passes whatever the user entered to the JBoss EAP add-user utility.  This utility will fail if the password does not meet certain standards.  However, the utility fails without failing the overall install.
> The installer should do its own validation of the password entered by the user so that this silent failure doesn't happen.  Also note that the password input and validation should happen before anything else security related gets installed.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
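
One way to structure the check the issue asks for, as an added example that is not code from the Overlord installer: the password is validated against the rules visible in the transcript before anything else runs, and a failing user-creation command fails the step instead of being ignored. The function names and return codes are assumptions, and the user-creation command is supplied by the caller.

```sh
#!/bin/sh
# Added example, not Overlord installer code. Function names and return codes are
# hypothetical; the rules mirror the errors shown in the transcript above.

MIN_LEN=8   # from "Password must have at least '8' characters!"

# Report every violated rule on stderr; return 0 only if the password is acceptable.
validate_admin_password() {
    user=$1 pw=$2 confirm=$3
    rc=0
    if [ "$pw" != "$confirm" ]; then
        echo "Error: the two passwords do not match." >&2; rc=1
    fi
    if [ "$pw" = "$user" ]; then                 # cf. JBAS015238
        echo "Error: password must not match the username." >&2; rc=1
    fi
    if [ "${#pw}" -lt "$MIN_LEN" ]; then         # cf. JBAS015269
        echo "Error: password needs at least $MIN_LEN characters." >&2; rc=1
    fi
    case $pw in
        *[!A-Za-z0-9]*) ;;                       # has a non-alphanumeric symbol
        *) echo "Error: password needs a non-alphanumeric symbol." >&2; rc=1 ;;  # cf. JBAS015267
    esac
    return "$rc"
}

# Usage: install_admin_user USER PASSWORD CONFIRM COMMAND [ARGS...]
# Validates first, then runs the caller-supplied user-creation command and
# propagates its failure so the install stops instead of continuing silently.
install_admin_user() {
    user=$1 pw=$2 confirm=$3
    shift 3
    validate_admin_password "$user" "$pw" "$confirm" || return 2
    "$@" || { echo "Error: user creation failed, aborting install." >&2; return 3; }
}
```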

