[Owncloud] enforcing password policy compliance

[Stefan Vollmar]

Hello,

I know that enforcing compliance with a specific password policy is controversial and I have no intention of entering a discussion about the usefulness, technical merits or desirability of password policies here: we currently have a compulsory password policy for all our institutes - this is simply the legal situation. -

We have added a few lines of PHP-code to our OwnCloud installation (current release) so that our setup only accepts new passwords that are at least 8 characters long and use a mixture of digits, upper- and lowercase letters in addition to "special" characters like ",", ";", "&", etc. The attached screen shot shows that the error message reflects in what way a new password does not comply with the MPS password policy (here: two criteria of the policy are not met).

We have made a few small changes here:
core/lostpassword/controller.php
and here:
core/lostpassword/templates/resetpassword.php
and are happy to share that code.

It is very simple to implement variations e.g. a policy that only ensures new passwords have a certain minimum length.

Warm regards,
 Stefan
-- 
Dr. Stefan Vollmar, Dipl.-Phys.
Head of IT group
Max-Planck-Institut für neurologische Forschung
Gleueler Str. 50, 50931 Köln, Germany
Tel.: +49-221-4726-213  FAX +49-221-4726-298
Tel.: +49-221-478-5713  Mobile: 0160-93874279
E-Mail: vollmar at nf.mpg.de   http://www.nf.mpg.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nf-pw-comp-f.jpg
Type: image/jpg
Size: 22356 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20130914/b6f8f478/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4490 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20130914/b6f8f478/attachment.bin>