[Zope-CMF] Password strength
Tres Seaver
tseaver@zope.com
15 Apr 2003 11:01:19 -0400
On Tue, 2003-04-15 at 05:22, Andrew Veitch wrote:
> I'm about to make some changes to the CMF for a client to allow control of
> password strength.
>
> I was going to add a couple of attributes to site_properties,
> min_password_length and no_dictionary_passwords
>
> I think all I need to do is some work on testPasswordValidity in the
> RegistrationTool.
>
> Does this approach seem sensible and would there by any interest in me
> contributing this code when it's done?
I think it is a reasonable extension. Here is how I would like to
package it:
- Add a "Policies" tab to the 'portal_registration' tool. This
tab can just be the 'manage_propertiesForm' for the tool.
- Add an '_properties' map to the tool, with non-deletable properties
which support your logic.
- Have the 'testPasswordValidity' method use those property values.
Note that I put the properties on the registration tool, rather than in
the "generic" site properties, for "separation of concerns" reasons.
We might add another string property, 'custom_validator_expression',
which was a TALES expression indicating a custom script / regex /
whatever to test the candidate password; it would be used in place of
the "default" logic, if present.
Tres.
--
===============================================================
Tres Seaver tseaver@zope.com
Zope Corporation "Zope Dealers" http://www.zope.com