cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daan Hoogland <daan.hoogl...@gmail.com>
Subject Re: Blacklists for passwords
Date Wed, 22 Jan 2014 14:04:45 GMT
Demetrius,

>From a development point of view I would oppose to such a feature. Of
course we can en-/disable it by a build profile.
Further more it should imo be configurable as to what the format must
be that the password adheres to.

Hope this spikes some opposition,
Daan

On Tue, Jan 21, 2014 at 8:04 PM, Demetrius Tsitrelis
<dtsitrelis@live.com> wrote:
>
>
> CloudStack does not enforce complexity rules for user passwords even in its built-in
user database. For some accounts in particular, such as the root domain admin, it would seem
a good idea to have some minimum requirements.  Empty passwords, for example, should not be
allowed. What do you think about having a blacklist of
> unacceptable passwords (e.g., “password”, “admin”, etc.) for the rood domain
admin?
>
>

Mime
View raw message