[Zope-CMF] Password strength

Andrew Veitch andrew@logicalprogression.net
Thu, 17 Apr 2003 15:10:03 +0100


I've done a bit more research on this and I think writing a Python library
to check if passwords are dictionary based is going to be tricky to do well
and is reinventing the wheel.

I am going to use a Python interface to cracklib instead, which has been
relatively straightforward to get working. Unfortunately this is a Unix-only
solution, so it's not appropriate to go into Zope. I'm sure there will be
Windows equivalents somewhere, but the Windows world is a mystery to me!

Suggest that we go with the min_password_length property and the
custom_policy_hook as in your branch. I'll post a custom policy method along
with a working Python/cracklib library onto zope.org for Unix users.

A

On 15/4/03 5:49 pm, "Tres Seaver" <tseaver@zope.com> wrote:
 
>>   - Add a "Policies" tab to the 'portal_registration' tool.  This
>>     tab can just be the 'manage_propertiesForm' for the tool.
>> 
>>   - Add an '_properties' map to the tool, with non-deletable properties
>>     which support your logic.
>> 
>>   - Have the 'testPasswordValidity' method use those property values.
>> [snip]
>> We might add another string property, 'custom_validator_expression',
>> which was a TALES expression indicating a custom script / regex /
>> whatever to test the candidate password;  it would be used in place of
>> the "default" logic, if present.
> 
> BTW, I just checked in my initial pass at this on a branch,
> 'tseaver-reg_properties-branch', made from the HEAD of CVS.  At present,
> it exposes the three properties we are discussing, but only enforces
> length (replacing the hard-wired '5' with the property value).
> 
> Tres.
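
The policy layout discussed in this thread (a configurable minimum length plus a custom hook used in place of the default logic), as an added example that is not part of the original messages or of the CMF code. The class, the function names and the tiny word list are hypothetical and constructed for illustration; the word list stands in for a cracklib dictionary lookup.

```python
import re

# Constructed sample word list; a real deployment would query cracklib instead.
SAMPLE_WORDS = frozenset({"password", "letmein", "dragon", "monkey", "welcome"})

# Common digit/symbol substitutions mapped back to letters before lookup.
LEET = str.maketrans("013457@$", "oleastas")


class PasswordPolicy:
    """Hypothetical policy holder; names echo the thread, not CMF's own code."""

    def __init__(self, min_password_length=5, custom_policy_hook=None):
        self.min_password_length = min_password_length
        self.custom_policy_hook = custom_policy_hook

    def default_check(self, password):
        """Default logic: length only, driven by the property value."""
        if len(password) < self.min_password_length:
            return ("Password must be at least %d characters."
                    % self.min_password_length)
        return None

    def test_password(self, password):
        """Return None if acceptable, otherwise an error message."""
        if self.custom_policy_hook is not None:
            # The hook is used in place of the default logic when present.
            return self.custom_policy_hook(self, password)
        return self.default_check(password)


def dictionary_hook(policy, password):
    """Custom policy: enforce length, then reject dictionary-based passwords."""
    error = policy.default_check(password)
    if error:
        return error
    # Drop leading/trailing digits and punctuation, then undo substitutions.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower()).translate(LEET)
    for form in (core, core[::-1]):  # also catch reversed words
        if form in SAMPLE_WORDS:
            return "Password is based on a dictionary word."
    return None
```

Because the hook replaces the default logic, it re-runs the length check itself; a hook that omits that call silently drops the minimum-length policy.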