[Zope-CMF] Password strength

Chris Withers chrisw@nipltd.com
Tue, 22 Apr 2003 16:39:15 +0100 

The idea with the CMF was that tools would be replaceable so a drop-in tool that 
used cracklib would be cool :-)

cheers,

Chris

Andrew Veitch wrote:
> I've done a bit more research on this and I think writing a Python library
> to check if passwords are dictionary based is going to be tricky to do well
> and is reinventing the wheel.
> 
> I am going to use a Python interface to cracklib instead which has been
> relatively straightforward to get working. Unfortunately this is a Unix only
> solution so it's not appropriate to go into Zope. I'm sure there will be
> Windows equivalents somewhere but the Windows world is a mystery to me!
> 
> Suggest that we go with the min_password_length property and the
> custom_policy_hook as in your branch. I'll post a custom policy method along
> with a working Python/cracklib library onto zope.org for Unix users.
> 
> A
> 
> On 15/4/03 5:49 pm, "Tres Seaver" <tseaver@zope.com> wrote:
>  
> 
>>>  - Add a "Policies" tab to the 'portal_registration' tool.  This
>>>    tab can just be the 'manage_propertiesForm' for the tool.
>>>
>>>  - Add an '_properties' map to the tool, with non-deletable properties
>>>    which support your logic.
>>>
>>>  - Have the 'testPasswordValidity' method use those property values.
>>>[snip]
>>>We might add another string property, 'custom_validator_expression',
>>>which was a TALES expression indicating a custom script / regex /
>>>whatever to test the candidate password;  it would be used in place of
>>>the "default" logic, if present.
>>
>>BTW, I just checked in my initial pass at this on a branch,
>>'tseaver-reg_properties-branch', made from the HEAD of CVS.  At present,
>>it exposes the three properties we are discussing, but only enforces
>>length (replacing the hard-wired '5' with the property value).
>>
>>Tres.
> 
> 
> 
> _______________________________________________
> Zope-CMF maillist  -  Zope-CMF@zope.org
> http://mail.zope.org/mailman/listinfo/zope-cmf
> 
> See http://collector.zope.org/CMF for bug reports and feature requests
> 
>