[JBoss JIRA] (WFLY-809) add-user scripts not checking password strength for management users

Thursday, 27 June 2013

     [
https://issues.jboss.org/browse/WFLY-809?page=com.atlassian.jira.plugin.s...
]

Darran Lofthouse resolved WFLY-809.
-----------------------------------

    Resolution: Out of Date

There has been a fair amount of work in this area to optimise error reporting so that
errors are reported as quickly as possible to avoid situations where a user is asked for
their password twice just to be told it is weak!

This work also picked up ensuring validation happened for all transitions and picked up
cases where validation was skipped.

If this is reproducible please re-open this issue with the exact steps taken.

...
 add-user scripts not checking password strength for management users
 --------------------------------------------------------------------

                 Key: WFLY-809
                 URL: https://issues.jboss.org/browse/WFLY-809
             Project: WildFly
          Issue Type: Bug
          Components: Security
            Reporter: Cheng Fang
            Assignee: Darran Lofthouse
            Priority: Critical
             Fix For: 8.0.0.Alpha3

 So there is passwd check for app users, like at least x characters long, with mixed
letters, numbers, etc.
 Is the same strength check applied to management user? I would assume management user
passwords have more stringent requirement, at least should be the same as app user. But I
can create a management user using password that consists of all letters (more than 8
letters). 
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006