Shuffling the password to avoid having a subset of characters in fixed positions. #1058
Merged
Contributor
LGTM to me. Simple fix to make passwords more secure
Contributor
LGTM
Contributor
@wido @ustcweizhou I see two "looks good to me" without validation test explanation. Did you guys test this and how?
…aracters in fixed positions.
Contributor
I will run some tests on this branch and report back.
Contributor
asfgit pushed a commit that referenced this pull request Nov 22, 2015

Shuffling the password to avoid having a subset of characters in fixed positions.

Related to CLOUDSTACK-9052.
I am shuffling the characters in the password, to avoid having a certain char type in fixed positions. I modified the tests accordingly to only check that the different character types are present.
I think it would be good to remove the hard requirement to have at least one of digits, upper-case, and lowercase chars, as it reduces the number of possible combinations passwords can take. What do you think?

* pr/1058:
  CLOUDSTACK-9052 Shuffling the password to avoid having a subset of characters in fixed positions.

Signed-off-by: Remi Bergsma <github@remi.nl>
Contributor
This was merged to 4.6, then to master as it is a security improvement that applied cleanly. @bhaisaab You may want to include this in the final 4.5 release.
Member
@remibergsma thanks, will merge this on 4.5 soon.

Related to CLOUDSTACK-9052.
I am shuffling the characters in the password, to avoid having a certain char type in fixed positions. I modified the tests accordingly to only check that the different character types are present.
I think it would be good to remove the hard requirement to have at least one of digits, upper-case, and lowercase chars, as it reduces the number of possible combinations passwords can take. What do you think?
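
Added example, not code from this pull request or from CloudStack: a sketch of the shuffle approach the description outlines, plus a count of how much each constraint shrinks the password space. The class and method names, the 62-character alphanumeric alphabet, the length of 8, and the "first three positions" layout used for the fixed-position count are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Added illustration; names are hypothetical, not CloudStack's own code.
public class ShuffledPasswordExample {
    static final String LOWER = "abcdefghijklmnopqrstuvwxyz";
    static final String UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    static final String DIGITS = "0123456789";
    static final String ALL = LOWER + UPPER + DIGITS;
    static final SecureRandom RNG = new SecureRandom();

    static char pick(String alphabet) {
        return alphabet.charAt(RNG.nextInt(alphabet.length()));
    }

    // One character of each required type, random fill, then a shuffle so that
    // no position in the result is tied to a particular character type.
    static String generate(int length) {
        if (length < 3) throw new IllegalArgumentException("length must be >= 3");
        List<Character> chars = new ArrayList<>();
        chars.add(pick(LOWER));
        chars.add(pick(UPPER));
        chars.add(pick(DIGITS));
        while (chars.size() < length) chars.add(pick(ALL));
        Collections.shuffle(chars, RNG);
        StringBuilder sb = new StringBuilder(length);
        for (char c : chars) sb.append(c);
        return sb.toString();
    }

    static BigInteger pow(int base, int exp) { return BigInteger.valueOf(base).pow(exp); }

    // Strings of length n containing at least one lower, one upper and one digit:
    // inclusion-exclusion over "no lower", "no upper" and "no digit".
    static BigInteger countWithAllTypes(int n) {
        BigInteger two = BigInteger.valueOf(2);
        return pow(62, n).subtract(pow(36, n).multiply(two)).subtract(pow(52, n))
                .add(pow(26, n).multiply(two)).add(pow(10, n));
    }

    public static void main(String[] args) {
        int n = 8; // assumed password length
        System.out.println("sample password:             " + generate(n));
        System.out.println("no type requirement:         " + pow(62, n));
        System.out.println("all types, any position:     " + countWithAllTypes(n));
        System.out.println("types fixed in first 3 (assumed layout): "
                + BigInteger.valueOf(26L * 26 * 10).multiply(pow(62, n - 3)));
    }
}
```

Comparing the three counts shows the two separate effects raised in the description: pinning character types to positions removes far more candidates than the "at least one of each type" rule does, and that rule still leaves fewer candidates than an unconstrained draw.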