Re: [sqwebmail] Minimum length of a new password - Pawel Tecza - net.sourceforge.lists.courier-sqwebmail

3 messages in net.sourceforge.lists.courier-sqwebmailRe: [sqwebmail] Minimum length of a n...

From	Sent On	Attachments
Pawel Tecza	Apr 26, 2006 4:29 am	.gz
Sam Varshavchik	May 2, 2006 7:25 pm
Pawel Tecza	May 4, 2006 12:44 am

	Permalink for this message Paste this link in email or IM:
	Permalink for this thread Paste this link in email or IM:
	Atom feed for this thread Paste this URL into your reader:

Subject:	Re: [sqwebmail] Minimum length of a new password	Actions...
From:	Pawel Tecza (p.te...@net.icm.edu.pl)
Date:	May 4, 2006 12:44:16 am
List:	net.sourceforge.lists.courier-sqwebmail

Hello again,

On Tue, 2 May 2006, Sam Varshavchik wrote:

Pawel Tecza writes:

Hello Sam,

What do you think about checking length of new password? At this moment you don't do it, so a user can set even 1 character length password. I think it's not secure for him.

Could you please look at my patch? I added --with-minpasslen=<len> configure option which sets minimum length of a password in config.h file (#define MINPASSLEN <len>). Of course, this option is not obligatory, because default value of MINPASSLEN is 1.

What do you think about this option?

BTW, why goodpass() function is disabled in pref.c file? In my opinion it can be useful if we want to limit allowed characters in user's password.

goodpass() duplicates the validation code in authdaemond's passwd(). The password data eventually finds its way into authdaemond passwd(), which does the same edit checks.

Thanks for your reply! I didn't know about it.

Have a nice day,

Pawel

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets
	Permalink to these results Paste this link in email or IM:
	Atom feed for tracking future search results Paste this URL into your reader: