Kory our solution was to download an English dictionary (I think from the MM Dev Ex) and store it as an SQL table. Then compare submitted passwords. Our policy is that passwords have to be alphanumeric and cannot contain real words or names, so our code removes numbers first. The problem we still have is when someone submits "susanx5" and CF removes the 5 but says the password is OK because "susanx" is not in the dictionary. I have to intervene because it's obviously not in compliance.
Keith Purtell, Web/Network Administrator VantageMed Corporation (Kansas City office) CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kory Bakken Sent: Friday, April 16, 2004 9:06 AM To: [EMAIL PROTECTED] Subject: [KCFusion] Increased Password Security Does anybody know of a custom tag that exists that would check passwords against an English dictionary to make sure that the entered password is not easily hacked? Or is there simply a dictionary tag that we could check for records returned for portions of passwords? Thanks, Kory Bakken
<<attachment: winmail.dat>>
