You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by "Sumit Pandit (JIRA)" <ji...@apache.org> on 2012/07/18 11:55:35 UTC
[jira] [Updated] (OFBIZ-4958) Additional Validation for Password :
Make password pattern driven
[ https://issues.apache.org/jira/browse/OFBIZ-4958?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sumit Pandit updated OFBIZ-4958:
--------------------------------
Attachment: OFBIZ-4958.patch
Thanks Jacques for comments. Please find patch for functionality.
Following is the way how it is implemented :
Bullet points -
* User's password must follow specific pattern. (pattern specified in security.properties file.)
* Password pattern should configurable.
* Display a proper error message if password does not follow the pattern. (error message specified in security.properties file.)
* Error message to display for user should also be configurable.
* Password pattern rules must applied on create/update a password for new/existing user
Currently following rules are applied for password -
* Minimum password length = 5 Char
* Should contain alphanumeric values (Alphabets required, accept numeric but optional)
* Should contain one of following special character : !@#$%^&*
How to test -
* Go to ecommerce and create a new customer. Observe your password; it should follow above pattern.
* Or Go to partymgr and try to create an employee.Observe password; it should follow above pattern.
* Try to update password; Observe it should follow above pattern.
> Additional Validation for Password : Make password pattern driven
> ------------------------------------------------------------------
>
> Key: OFBIZ-4958
> URL: https://issues.apache.org/jira/browse/OFBIZ-4958
> Project: OFBiz
> Issue Type: Sub-task
> Components: ALL COMPONENTS
> Affects Versions: SVN trunk
> Reporter: Sumit Pandit
> Fix For: SVN trunk
>
> Attachments: OFBIZ-4958.patch
>
>
> Providing an additional validation for password -
> Idea is to achieve following -
> * Insist user to provide a stronger login password for additional protection.
> * User's password need to match a pre-defined Pattern.
> * Password pattern can change any time.
> * Validation should applied for new user creation and update password processes.
> --
> Thanks And Regards
> Sumit Pandit
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira