[ https://issues.apache.org/jira/browse/OFBIZ-4958?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sumit Pandit updated OFBIZ-4958: -------------------------------- Attachment: OFBIZ-4958.patch Thanks Jacques for comments. Please find patch for functionality. Following is the way how it is implemented : Bullet points - * User's password must follow specific pattern. (pattern specified in security.properties file.) * Password pattern should configurable. * Display a proper error message if password does not follow the pattern. (error message specified in security.properties file.) * Error message to display for user should also be configurable. * Password pattern rules must applied on create/update a password for new/existing user Currently following rules are applied for password - * Minimum password length = 5 Char * Should contain alphanumeric values (Alphabets required, accept numeric but optional) * Should contain one of following special character : !@#$%^&* How to test - * Go to ecommerce and create a new customer. Observe your password; it should follow above pattern. * Or Go to partymgr and try to create an employee.Observe password; it should follow above pattern. * Try to update password; Observe it should follow above pattern. > Additional Validation for Password : Make password pattern driven > ------------------------------------------------------------------ > > Key: OFBIZ-4958 > URL: https://issues.apache.org/jira/browse/OFBIZ-4958 > Project: OFBiz > Issue Type: Sub-task > Components: ALL COMPONENTS > Affects Versions: SVN trunk > Reporter: Sumit Pandit > Fix For: SVN trunk > > Attachments: OFBIZ-4958.patch > > > Providing an additional validation for password - > Idea is to achieve following - > * Insist user to provide a stronger login password for additional protection. > * User's password need to match a pre-defined Pattern. > * Password pattern can change any time. > * Validation should applied for new user creation and update password > processes. > -- > Thanks And Regards > Sumit Pandit -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira