[PLIP-Advisories] [Plone development workspace] #10959: API for password validation policy

Change notifications for Plone PLIPs on Trac. plone-plip-advisories at lists.plone.org
Fri Nov 11 12:41:59 UTC 2011


#10959: API for password validation policy
---------------------+-----------------------
 Reporter:  djay     |       Owner:
     Type:  PLIP     |      Status:  reopened
 Priority:  minor    |   Milestone:  4.3
Component:  Unknown  |  Resolution:
 Keywords:           |
---------------------+-----------------------

Comment (by djay):

 Hi,

 I don't fully understand previous comments "We would like to see this done
 at the PAS level "

 Just want to confirm that what I'm going to code is going to suitable this
 time.
 1. Move the 5char password policy to its own password validation plugin in
 Products.PlonePAS
 2. remove all the code I added for a password generator plugin
 3. Make all auto generated passwords extremely long since its been
 determined that at no time does a new user see the autogenerated password.
 As long as the password is unguessable we should be fine.

 Is this ok?

-- 
Ticket URL: <http://dev.plone.org/ticket/10959#comment:35>
Plone development workspace <http://dev.plone.org/>
Plone Enterprise Content Management System


More information about the PLIP-Advisories mailing list