From The Mana World
Revision as of 16:04, 21 August 2008 by Exceptionfault (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Thoughts about password policies (discussion @ #tmwdev 2008-08-21)

Configure and enforce password policies between tmwserv and tmwweb:

Both modules, tmwserv and tmwweb should use the same policies to check end enforce passwords. Therefore its just natural to have a common place to configure those policies.

Suggestion: use the tmwserv xml config file and add a section for password policies.

Here is a list of policies that shoul be supported and configurable by the server admin:

  • minimum and maximum length of a password
  • minimum amount of capital letters
  • minimum amount of lowercase letters
  • minimum amount of special characters
  • list with valid chars to prevent special chars like tab or simple predefine an ascii range of allowed chars
  • blacklist with passwords