You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cloudstack.apache.org by Damoder Reddy <Da...@citrix.com> on 2014/07/18 08:02:40 UTC

[PROPOSAL] Adding a plugin to check the password strength of all users

Hi all,

I am thinking to add a plugin which enables to check the password strength of a user while setting/resetting the password for that user.
why as a plugin because different companies may have a different rule sets to check the password strength.

The default implementation will have the password strength calculation based on the following parameters
1. Length of the password
2. Number of Character Sets involved in the password defined. For ex, Upper Case Letter, Lower Case letter, Digits and special character set.

Ay suggestions/Comments?

Thanks
Damoder

Re: [PROPOSAL] Adding a plugin to check the password strength of all users

Posted by Damoder Reddy <Da...@citrix.com>.

For the first part I am planning to add parameters to global settings.

But for the 2nd part I think it depends on where we are integrating this plugin.

To start with I will integrate it with abstract layer of Authenticator implementations and we can override in the corresponding authenticator on need basis.  

Thanks
Damoder/

On 18-Jul-2014, at 10:28 pm, Demetrius Tsitrelis <De...@citrix.com> wrote:

> So the plugin will show the strength AND it will enforce the strength when a user is created or updates his password.  Will it be possible for an administrator to disable either of these?
> 
> For both of those capabilities is the plugin's behavior configurable for different authentication encoders?  That is, could I have one set of rules for the SHA256 authenticator and a different set of rules for the MD5 authenticator?
> 
> -----Original Message-----
> From: Damoder Reddy [mailto:Damoder.Reddy@citrix.com] 
> Sent: Friday, July 18, 2014 9:13 AM
> To: dev@cloudstack.apache.org
> Subject: Re: [PROPOSAL] Adding a plugin to check the password strength of all users
> 
> Will show the strength of the password as well.
> 
> 
> On 18-Jul-2014, at 6:53 pm, Demetrius Tsitrelis <De...@citrix.com> wrote:
> 
>> Will the plugin merely show the strength of the password or will the plugin prevent the use of weak passwords?
>> 
>> ________________________________________
>> From: Damoder Reddy [Damoder.Reddy@citrix.com]
>> Sent: Thursday, July 17, 2014 11:02 PM
>> To: dev@cloudstack.apache.org
>> Subject: [PROPOSAL] Adding a plugin to check the password strength of 
>> all users
>> 
>> Hi all,
>> 
>> I am thinking to add a plugin which enables to check the password strength of a user while setting/resetting the password for that user.
>> why as a plugin because different companies may have a different rule sets to check the password strength.
>> 
>> The default implementation will have the password strength calculation 
>> based on the following parameters 1. Length of the password 2. Number 
>> of Character Sets involved in the password defined. For ex, Upper Case Letter, Lower Case letter, Digits and special character set.
>> 
>> Ay suggestions/Comments?
>> 
>> Thanks
>> Damoder
>

RE: [PROPOSAL] Adding a plugin to check the password strength of all users

Posted by Demetrius Tsitrelis <De...@citrix.com>.

So the plugin will show the strength AND it will enforce the strength when a user is created or updates his password.  Will it be possible for an administrator to disable either of these?

For both of those capabilities is the plugin's behavior configurable for different authentication encoders?  That is, could I have one set of rules for the SHA256 authenticator and a different set of rules for the MD5 authenticator?

-----Original Message-----
From: Damoder Reddy [mailto:Damoder.Reddy@citrix.com] 
Sent: Friday, July 18, 2014 9:13 AM
To: dev@cloudstack.apache.org
Subject: Re: [PROPOSAL] Adding a plugin to check the password strength of all users

Will show the strength of the password as well.

On 18-Jul-2014, at 6:53 pm, Demetrius Tsitrelis <De...@citrix.com> wrote:

> Will the plugin merely show the strength of the password or will the plugin prevent the use of weak passwords?
> 
> ________________________________________
> From: Damoder Reddy [Damoder.Reddy@citrix.com]
> Sent: Thursday, July 17, 2014 11:02 PM
> To: dev@cloudstack.apache.org
> Subject: [PROPOSAL] Adding a plugin to check the password strength of 
> all users
> 
> Hi all,
> 
> I am thinking to add a plugin which enables to check the password strength of a user while setting/resetting the password for that user.
> why as a plugin because different companies may have a different rule sets to check the password strength.
> 
> The default implementation will have the password strength calculation 
> based on the following parameters 1. Length of the password 2. Number 
> of Character Sets involved in the password defined. For ex, Upper Case Letter, Lower Case letter, Digits and special character set.
> 
> Ay suggestions/Comments?
> 
> Thanks
> Damoder

Re: [PROPOSAL] Adding a plugin to check the password strength of all users

Posted by Damoder Reddy <Da...@citrix.com>.

Will show the strength of the password as well.


On 18-Jul-2014, at 6:53 pm, Demetrius Tsitrelis <De...@citrix.com> wrote:

> Will the plugin merely show the strength of the password or will the plugin prevent the use of weak passwords?
> 
> ________________________________________
> From: Damoder Reddy [Damoder.Reddy@citrix.com]
> Sent: Thursday, July 17, 2014 11:02 PM
> To: dev@cloudstack.apache.org
> Subject: [PROPOSAL] Adding a plugin to check the password strength of all users
> 
> Hi all,
> 
> I am thinking to add a plugin which enables to check the password strength of a user while setting/resetting the password for that user.
> why as a plugin because different companies may have a different rule sets to check the password strength.
> 
> The default implementation will have the password strength calculation based on the following parameters
> 1. Length of the password
> 2. Number of Character Sets involved in the password defined. For ex, Upper Case Letter, Lower Case letter, Digits and special character set.
> 
> Ay suggestions/Comments?
> 
> Thanks
> Damoder

RE: [PROPOSAL] Adding a plugin to check the password strength of all users

Posted by Demetrius Tsitrelis <De...@citrix.com>.

Will the plugin merely show the strength of the password or will the plugin prevent the use of weak passwords?

________________________________________
From: Damoder Reddy [Damoder.Reddy@citrix.com]
Sent: Thursday, July 17, 2014 11:02 PM
To: dev@cloudstack.apache.org
Subject: [PROPOSAL] Adding a plugin to check the password strength of all users

Hi all,

I am thinking to add a plugin which enables to check the password strength of a user while setting/resetting the password for that user.
why as a plugin because different companies may have a different rule sets to check the password strength.

The default implementation will have the password strength calculation based on the following parameters
1. Length of the password
2. Number of Character Sets involved in the password defined. For ex, Upper Case Letter, Lower Case letter, Digits and special character set.

Ay suggestions/Comments?

Thanks
Damoder