mahara-contributors team mailing list archive

Thread
Date

[Bug 1625361] Re: Use password check on /admin/users/edit.php

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Aaron Wells <1625361@xxxxxxxxxxxxxxxxxx>
Date: Mon, 19 Sep 2016 22:24:52 -0000
Reply-to: Bug 1625361 <1625361@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I thought this was a design decision. An admin is most likely setting a
temporary password for another user, or (in my case) setting up a test
password for dev purposes. In those cases, it's more convenient not to
have the password restrictions in place.

Although, I'd be happy if we added the password restrictions everywhere,
*but* added a config-defaults.php setting to optionally disable them.
(Moodle has this. You can put "$CFG->passwordpolicy=0;" in your
config.php, and it will disable password restrictions.)

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1625361

Title:
  Use password check on /admin/users/edit.php

Status in Mahara:
  Confirmed

Bug description:
  When you change your password on your personal account settings page
  or via the force password screen, it goes through a password checker
  to determine some basic security and length of the password.

  These checks are not performed on when changing the password on
  /admin/users/edit.php as admin.

  For example: I can enter the password "mahara" on that screen, but
  can't use it on /account/index.php because it's deemed too simple.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1625361/+subscriptions

References

[Bug 1625361] [NEW] Use password check on /admin/users/edit.php
From: Kristina Hoeppner, 2016-09-19