
Key: CORE-5156
Type: Improvement
Status: Open
Priority: Minor
Assignee: Alexander Peshkov
Reporter: Pavel Zotov
Votes: 1
Watchers: 2
Firebird Core

Add setting for minimal password length

Created: 18/Mar/16 04:05 PM   Updated: 19/Nov/20 03:04 PM
Component/s: Security
Affects Version/s: 4.0 Initial
Fix Version/s: 4.1 Initial

File Attachments: 1. userman.py.7z (0.8 kB)


QA Status: No test


Description
Currently one may change the password of an existing user to an empty string ( '' ); an example can be seen in the attached Python script.
It would be useful to have a configurable setting that prevents such changes and also requires a minimal number of different characters in the password (in order to exclude trivial cases like 'aaaaa', 'qwe', etc.).

Dimitry Sibiryakov added a comment - 18/Mar/16 04:13 PM
As we have a plugin-based security now, this option should be in plugin's config, IMHO.

Alexander Peshkov added a comment - 18/Mar/16 04:32 PM
Or it may be enforced for all plugins.

Simonov Denis added a comment - 18/Mar/16 06:00 PM
This improvement should affect not only the length of the password. It is necessary to define some security policies that cover other properties such as password complexity, password expiration, etc.