From The Mana World
Revision as of 17:47, 21 August 2008 by Kess (talk | contribs) (→Configure and enforce password policies between tmwserv and tmwweb:: thought on non-Latin scripts)
Thoughts about password policies (discussion @ #tmwdev 2008-08-21)
Configure and enforce password policies between tmwserv and tmwweb:
Both modules, tmwserv and tmwweb should use the same policies to check end enforce passwords. Therefore its just natural to have a common place to configure those policies.
Suggestion: use the tmwserv xml config file and add a section for password policies.
Here is a list of policies that shoul be supported and configurable by the server admin:
- minimum and maximum length of a password
- minimum amount of capital letters
- minimum amount of lowercase letters
- minimum amount of special characters
- list with valid chars to prevent special chars like tab or simple predefine an ascii range of allowed chars
- blacklist with passwords
- I have no idea of how the plans look, how the discussions go. Though, if non-Latin scripts are/should be allowed (Unicode), a thought need to be given about that it is fairly uncommon in the scripts of this world to make a difference between capital and lowercase letters. Perhaps combine the two letter rules in one, and if more are needed, instead add a rule of minimum amount of digits (which again may or may not be different for various scripts/languages). Also, if non-Latin Unicode is supported what you mean with the length of the password needs to be defined, as various characters may need different amounts of bytes to be represented... --kess 19:47, 21 August 2008 (CEST)