Revision [1383]

This is an old revision of UserSettingsAndPasswords made by AHerdOfTurtles on 2004-09-24 10:38:06.

 

User Settings and Passwords


Here I'll share my efforts to make user registration, login/logout and password-handling a little more user-friendly as well as more secure. And apart from making sure the associated forms are XHTML-compliant, I'm also making them accessible according to the WAI guidelines.

Password length

Currently the system only enforces a minimum password length of 5 characters. That's generally not considered a very secure password, so my first action was to make this minimum length Admin-configurable.

  1. Edit wikka.config.php and add the following line:
    "user_min_password" => "5",    // default minimum password length
  2. Edit actions/usersettings.php and replace every occurrence of
    < 5
    with
    < $this->config["user_min_password"]

Now minimum password length is Admin-configurable and will be enforced in UserSettings for registration and login. (Make sure any existing passwords are of sufficient length first!) A good minimum is 8 characters but this patch maintains the current default of 5 in Wikka.
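As an added example (not part of the original patch or of Wikka's own code), the sketch below shows what the patched comparison does when "user_min_password" is missing from the configuration, for instance in a config file that predates this change, next to a variant that falls back to the default of 5. The function names and sample arrays are hypothetical.

```php
<?php
// Added example; function names are hypothetical, not part of Wikka.

const DEFAULT_MIN_PASSWORD = 5; // the current Wikka default named in the text

// The comparison exactly as the patch writes it.
function too_short_as_patched(array $config, string $password): bool
{
    // With the key absent, the right-hand side is null. PHP then casts both
    // operands to bool, and nothing is "less than" false, so the length
    // check never rejects anything.
    return strlen($password) < @$config["user_min_password"];
}

// Validate the configured value; fall back to the default when it is
// missing, non-numeric or below 1.
function min_password_length(array $config): int
{
    $n = filter_var(
        $config["user_min_password"] ?? null,
        FILTER_VALIDATE_INT,
        ["options" => ["min_range" => 1]]
    );
    return $n === false ? DEFAULT_MIN_PASSWORD : $n;
}

function too_short(array $config, string $password): bool
{
    return strlen($password) < min_password_length($config);
}

// Constructed sample configurations.
$old_config = [];                             // key was never added
$new_config = ["user_min_password" => "8"];   // admin raised the minimum

var_dump(too_short_as_patched($old_config, "ab")); // patched check, key missing
var_dump(too_short($old_config, "ab"));            // fallback to the default
var_dump(too_short($new_config, "abcdefg"));       // 7 characters against 8
var_dump(too_short($new_config, "abcdefgh"));      // 8 characters against 8
```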

Um, I'm not one to speak from experience, but isn't the whole concept of a wiki supposed to render security irrelevant? Additionally, the wiki format (instead of a forum) means that editing a page should be as easy and quick as possible for non-registered users. If anything, the default should be lower than 5 (like 2 characters). I appreciate the ability to configure the min_length, but does this have any ramifications on /setup files? Like in the case of upgrading? -- Sam
