[jboss-jira] [JBoss JIRA] (AS7-2756) Implement username / password strength checks

Oleg Kulikov (Updated) (JIRA) jira-events at lists.jboss.org
Tue Dec 27 10:12:09 EST 2011 

     [ https://issues.jboss.org/browse/AS7-2756?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kulikov updated AS7-2756:
------------------------------

    Attachment: 2756.patch


 Performs password strength checks using following rules:
  - Number of characters
  - Presence of upper case letters
  - Presence of lower case letters
  - Presence of numbers
  - Presence of symbols
  - Repeat characters
  - Consecutive upper case letters
  - Consecutive lower case letters
  - Consecutive numbers
 
  Minimum requirements:
  - minimum 8 characters in length
  - contains 3/4 of the following items:
     - upper case letters;
     - lower case letters;
     - numbers
     - symbols
                
> Implement username / password strength checks
> ---------------------------------------------
>
>                 Key: AS7-2756
>                 URL: https://issues.jboss.org/browse/AS7-2756
>             Project: Application Server 7
>          Issue Type: Feature Request
>          Components: Domain Management
>            Reporter: Darran Lofthouse
>             Fix For: Open To Community
>
>         Attachments: 2756.patch
>
>
> The AS 7.1 distribution now contains a utility for adding new users to the property files, this utility contains some very basic checks of the username and password e.g. bad choices of username and disallowing passwords which match the username.
> This Jira is to implement a more advanced check to enforce complexity.
> I believe we should have something along the lines of a util that will take a username and password and will respond ACCEPT, REJECT, or WARN where WARN has a message to display to the user and the user an opportunity to ignore the warning or return to re-entry of the details.
> At some point in the future this could become a management operations so the implementation shouldn't be too constrained to the current command line tool.  
> As a management op we may also want to take into account the user making the request, i.e. a user changing their own password has tighter restrictions than the overall administrator.
> As the add user script is currently stand alone this may be a nice task for someone to undertake who would like to get more familiar with submitting an AS change without needing to get too involved with the internals of the application server at this stage.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list