Added Password validation check #703

Open
wants to merge 2 commits into
base: master


shivani-orch
Contributor

We have fixed this OWASP issue - the application accepts very weak passwords like 'test'.
A strong password policy has been implemented - min 8 char password consisting of letter, special char, number etc.

@amanda11
Contributor

amanda11 commented May 24, 2021

Does this only enforce the password rule on stdin, not via the password parameter? It would seem wrong to only enforce the policy interactively and not on the command line.

Also in st2-bootstrap the default if they don't specify is still Ch@ngeMe, which wouldn't match the policy - if the policy requires a number.

Has the password policy been agreed? In particular, the fact that the chosen policy breaks the default password that is used throughout many repos (including this repo in st2_bootstrap.sh).

Therefore, if this password policy is agreed, then I think before it can be implemented, all other places in the different repos that use the current default password will need updating first, to prevent breakages. E.g. it's used in at least st2ci/st2cd/st2/st2vagrant/st2-docker/packer-st2 - and many more.
Alternatively, a password policy that required a special character or digit, rather than both, would prevent the requirement to change all the other repos.
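
An added example, not code from this pull request or from the project's scripts: a bash illustration of the two points raised in the review comment above, with one policy check shared by the command-line parameter and the stdin path, and the stricter rule (digit and special character) set beside the relaxed alternative (digit or special character) so the default `Ch@ngeMe` can be tested against both. The function names and the `strict`/`relaxed` mode names are assumptions.

```bash
#!/usr/bin/env bash
# Added illustration. check_password, resolve_password and the mode names
# "strict"/"relaxed" are hypothetical, not taken from the pull request.

# check_password MODE PASSWORD
#   strict : >= 8 chars, a letter, a digit AND a special character
#   relaxed: >= 8 chars, a letter, and a digit OR a special character
# Prints the first failed rule to stderr and returns 1; returns 0 if accepted.
check_password() {
    local mode pw has_digit has_special
    mode=$1; pw=$2; has_digit=0; has_special=0
    if [ "${#pw}" -lt 8 ]; then
        echo "password must be at least 8 characters" >&2; return 1
    fi
    case $pw in *[[:alpha:]]*) ;; *) echo "password needs a letter" >&2; return 1 ;; esac
    case $pw in *[[:digit:]]*) has_digit=1 ;; esac
    case $pw in *[[:punct:]]*) has_special=1 ;; esac
    if [ "$mode" = strict ]; then
        [ "$has_digit" -eq 1 ] || { echo "password needs a digit" >&2; return 1; }
        [ "$has_special" -eq 1 ] || { echo "password needs a special character" >&2; return 1; }
    else
        [ $((has_digit + has_special)) -ge 1 ] || {
            echo "password needs a digit or a special character" >&2; return 1; }
    fi
    return 0
}

# resolve_password MODE [PASSWORD]
# Uses the argument when one is given, otherwise reads one line from stdin,
# then applies the same check so neither input path bypasses the policy.
resolve_password() {
    local mode pw
    mode=$1
    if [ "$#" -ge 2 ]; then
        pw=$2
    else
        IFS= read -r pw || true
    fi
    check_password "$mode" "$pw" || return 1
    printf '%s' "$pw"
}
```

With these rules the default `Ch@ngeMe` is rejected in `strict` mode because it has no digit, and accepted in `relaxed` mode.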

@CLAassistant

CLAassistant commented May 11, 2022

CLA assistant check
All committers have signed the CLA.
