In general yes, but I also think there is a limit of what the end-user will want to enter, I know I wouldn't want to enter a different 12 char password string for each reservation I made.
Keep in mind that in normal VCL use the end-user sessions are both time limited and firewall restricted. One option is to add a variable option that is read from the variable table, sites can then set their own length. If the variable it not set, then default to 8 or just leave it at 6 char. A new feature in 2.4 is to allow sites/affiliations to have control on some settings such as timeouts, inuse checks, etc Note the root and administrator accounts are randomized 15 char strings at load time. Aaron On Mon, Nov 10, 2014 at 12:08 PM, Mark Gardner <[email protected]> wrote: > I have seen suggestions that passwords below a length of 12 should be > considered vulnerable. Should we increase the length of passwords further? > > Mark > > On Mon, Nov 10, 2014 at 10:02 AM, Aaron Peeler <[email protected]> > wrote: >> >> Charles, >> >> This is a good request and can easily be done. Can you create a jira >> issue for this? I'll fix it for the next release. >> https://issues.apache.org/jira/browse/VCL >> >> There is a routine in utils.pm (getpw) that is set to default to 6 if >> no length is provided. >> >> Thanks, >> Aaron >> >> On Sun, Nov 9, 2014 at 12:03 AM, Charles Roger SIMEU <[email protected]> >> wrote: >> > Hello, >> > >> > In image capture that i have tested, password have only 6 caracters >> > long. can the code be modified in the next release to increase it to 8 >> > caracters and olso satisfy other password requiement complexity (to include >> > numbers and specials caracters). >> > >> > Regars >> > >> > Charles Roger Simeu >> > >> > Montréal (Québec) >> > >> > >> >> >> >> -- >> Aaron Peeler >> Program Manager >> Virtual Computing Lab >> NC State University >> >> All electronic mail messages in connection with State business which >> are sent to or received by this account are subject to the NC Public >> Records Law and may be disclosed to third parties. > > > > > -- > Mark Gardner > -- -- Aaron Peeler Program Manager Virtual Computing Lab NC State University All electronic mail messages in connection with State business which are sent to or received by this account are subject to the NC Public Records Law and may be disclosed to third parties.
