suckypasswords check is very limited, could be expanded
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Mahara | Fix Released | Wishlist | Amelia Cordwell | |
Bug Description
When validating passwords, there is a check against an array of really bad passwords:
https:/
Currently the collection of bad passwords is really small. It could be expanded. Some resources are:
http://
http://
http://
There should be more than one level of filtering bad passwords. Some, such as the current suckypasswords collection, should be forced. There should also be an optional blacklist based on the resources above.
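A sketch of the two-level filtering proposed above, added here as an illustration; it is not Mahara's code. The function names, the one-password-per-line format of the optional list, the normalisation rule and the sample entries are all assumptions.

```php
<?php
// Added illustration; all names here are hypothetical, not Mahara's API.

// Tier 1: short built-in list that is always enforced (constructed sample entries).
const FORCED_BAD_PASSWORDS = ['password', '12345678', 'abc123', 'qwerty', 'letmein'];

// Assumed normalisation: compare case-insensitively, ignoring surrounding whitespace.
function normalise_password(string $password): string {
    return strtolower(trim($password));
}

/**
 * Parse a newline-separated blacklist (one password per line) into a lookup set.
 * Blank lines and lines starting with '#' are skipped.
 */
function parse_blacklist(string $text): array {
    $set = [];
    foreach (preg_split('/\R/', $text) as $line) {
        $entry = normalise_password($line);
        if ($entry === '' || $entry[0] === '#') {
            continue;
        }
        $set[$entry] = true; // keyed array gives constant-time lookups on large lists
    }
    return $set;
}

/**
 * Returns null when the password passes, otherwise the tier that rejected it.
 * The forced tier cannot be switched off; the optional tier is a site setting.
 */
function check_bad_password(string $password, array $optionalset, bool $optionalenabled): ?string {
    $candidate = normalise_password($password);
    if (in_array($candidate, FORCED_BAD_PASSWORDS, true)) {
        return 'forced';
    }
    if ($optionalenabled && isset($optionalset[$candidate])) {
        return 'optional';
    }
    return null;
}

// Constructed sample data standing in for one of the larger external lists.
$optional = parse_blacklist("# constructed sample\nsunshine\nDragon\n\nmonkey\n");
foreach (['Password', 'dragon', 'correct horse battery staple'] as $pw) {
    foreach ([false, true] as $enabled) {
        $result = check_bad_password($pw, $optional, $enabled) ?? 'accepted';
        printf("%-30s optional=%-3s => %s\n", $pw, $enabled ? 'on' : 'off', $result);
    }
}
```

With the optional tier off, `dragon` is accepted while `Password` is still rejected by the forced tier, which is the behaviour the description asks for.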
Changed in mahara: | |
importance: | Undecided → Wishlist |
tags: | added: passwords security |
tags: | removed: security |
tags: | added: academy security |
Changed in mahara: | |
assignee: | nobody → Amelia Cordwell (amelia-stuffed) |
Changed in mahara: | |
status: | Triaged → Fix Committed |
Changed in mahara: | |
milestone: | none → 15.04.0 |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
tags: | added: behat has-behat |
http://sharetext.org/BEM is another good list (the one that Twitter used to use I think)