Hello all!

I have attached a little specification of some new password handling features:
- password validation constraints
- password expiration

I'd like to know if some or all of this has already been implemented, and if the author is willing to share?

best regards,
--
Gunnstein Lye
Systems engineer
[EMAIL PROTECTED] | eZ Systems | http://ez.no

SPECIFICATION FOR PASSWORD EXPIRY AND VALIDATION
------------------------------------------------
Gunnstein Lye <[EMAIL PROTECTED]>
3.12.2007

A specification for added and improved password features:
- password validation constraints
- password expiration

1. Password validation constraints

A password MUST contain:
- at least one* letter a-z or A-Z
- at least one* number 0-9
*) The count MAY be made configurable, but this is not required.

The password length MUST be greater than or equal to
site.ini [UserSettings] MinPasswordLength
(Not a new feature, this is standard.)

The password MAY contain other characters, including but not limited to
Japanese, IF site.ini [UserSettings] UseSpecialCharacters=true
(Not a new feature, this is standard.)

2. Password expiration

Passwords MUST have a limited lifetime. The length of the lifetime MUST be
configurable. The system MUST accept 0 (zero) as a valid lifetime length, and
MUST interpret this to mean no limit (infinite lifetime).

At a set time before the password expires, the system MUST send an email to
the user, stating that the password is about to expire. The time MUST be
configurable. The text of the email MUST be configurable (template).

When the password expires, the system MUST NOT accept it for logging in.
However, the system MUST accept the old password as validation when entering
the new password.

The system MUST check that the new password is not the same as the old one.
The new and the old passwords MUST be different.

The system MUST keep a history of old passwords. This history MUST be personal
(per user). New passwords MUST NOT be equal to any password in the history.
The length of the password history MUST be configurable. The system MUST
accept 0 (zero) as a valid history length, and MUST interpret this to mean no
limit (infinite history).

3. Configuration

All settings MUST be editable in the admin interface. The standard INI
settings editor is acceptable.

--
Sdk-public mailing list
[email protected]
http://lists.ez.no/mailman/listinfo/sdk-public
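
One way the rules in sections 1 and 2 of the specification above could be checked, as an added Python example that is not part of the original post and is not eZ Publish code. Apart from MinPasswordLength and UseSpecialCharacters, every setting and function name here is hypothetical, and the history is assumed to hold salted PBKDF2 hashes with the current password last, so that old passwords are never kept in plaintext.

```python
import hashlib, hmac, os, re
from datetime import timedelta

# Stand-ins for site.ini [UserSettings]. Only the first two names come from the
# spec; the other three are hypothetical. All values are constructed.
MIN_PASSWORD_LENGTH = 8
USE_SPECIAL_CHARACTERS = True
PASSWORD_LIFETIME_DAYS = 90    # 0 = no limit (infinite lifetime)
EXPIRY_WARNING_DAYS = 14       # send the warning email this long before expiry
PASSWORD_HISTORY_LENGTH = 5    # 0 = no limit (infinite history)

def hash_password(password, salt=None):
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def matches(password, entry):
    salt, digest = entry
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def validate(password):
    errors = []
    if len(password) < MIN_PASSWORD_LENGTH:
        errors.append("too short")
    if not re.search(r"[A-Za-z]", password):
        errors.append("needs a letter a-z or A-Z")
    if not re.search(r"[0-9]", password):
        errors.append("needs a number 0-9")
    if not USE_SPECIAL_CHARACTERS and re.search(r"[^A-Za-z0-9]", password):
        errors.append("special characters are disabled")
    return errors

def status(changed_at, now, lifetime_days=PASSWORD_LIFETIME_DAYS,
           warning_days=EXPIRY_WARNING_DAYS):
    if lifetime_days == 0:                      # 0 never expires, never warns
        return "valid"
    expires = changed_at + timedelta(days=lifetime_days)
    if now >= expires:
        return "expired"                        # login MUST be refused
    return "warn" if now >= expires - timedelta(days=warning_days) else "valid"

def change_password(history, old, new, history_length=PASSWORD_HISTORY_LENGTH):
    # No expiry check here: an expired old password still authorises the change.
    if not history or not matches(old, history[-1]):
        raise ValueError("old password incorrect")
    if validate(new):
        raise ValueError("; ".join(validate(new)))
    if any(matches(new, entry) for entry in history):
        raise ValueError("password was used before")
    history = history + [hash_password(new)]
    return history if history_length == 0 else history[-history_length:]
```

Because each history entry has its own salt, the reuse check has to re-hash the candidate once per stored entry; an unlimited history (0) makes that cost grow with every password change.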
