From The Mana World
Revision as of 16:04, 21 August 2008 by Exceptionfault (talk | contribs)
Thoughts about password policies (discussion @ #tmwdev 2008-08-21)
Configure and enforce password policies between tmwserv and tmwweb:
Both modules, tmwserv and tmwweb should use the same policies to check end enforce passwords. Therefore its just natural to have a common place to configure those policies.
Suggestion: use the tmwserv xml config file and add a section for password policies.
Here is a list of policies that shoul be supported and configurable by the server admin:
- minimum and maximum length of a password
- minimum amount of capital letters
- minimum amount of lowercase letters
- minimum amount of special characters
- list with valid chars to prevent special chars like tab or simple predefine an ascii range of allowed chars
- blacklist with passwords