andrewgroup Posted August 4, 2010 Report Share Posted August 4, 2010 could someone explain the requirements of passwords to meet the available options. Maximum Security (example, at least ? characters, ? Special characters provide list) upper case etc.... Minimum Security Allow All passwords reviewed almost all DOCs in KIWI and SUPPORT and cannot find any reference on this? This would be nice to know since you can import all accounts and being sure the passwords meet the requirements is crucial. Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted August 6, 2010 Report Share Posted August 6, 2010 could someone explain the requirements of passwords to meet the available options. The logic is enforced on the web site with a javascript. We are talking about this code: // Checks a string for a list of characters function get_score(pw, check) { var result = 0; for (i = 0; i < pw.length; i++) { if (check.indexOf(pw.charAt(i)) >= 0) result += check.length; } return result; } function secure_password(pw) { var method = (filled in during loading); var score = 0; score += get_score(pw, "0123456789"); score += get_score(pw, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"); score += get_score(pw, "abcdefghijklmnopqrstuvwxyz"); score += get_score(pw, ";:-_=+\|//?^&!.@#*()%~<$>{}[]"); if(method == "medium") { if(score < 120) return false; return true; } if(method == "high") { if(score < 200) return false; return true; } // If the method is unknown return true (no check) return true; } function secure_pin(pw) { var method = (filled in during loading); var score = 0; var l = parseInt(pw[0]); for (var i = 1; i < pw.length; i++) { var c = parseInt(pw[i]); var d = c - l; if (d > 1 || d < -1) score += 2; else if (d != 0) score += 1; l = c; } if (method == "medium") { if (pw.length < 4) return false; if (score < 4) return false; return true; } if (method == "high") { if (pw.length < 6) return false; if (score < 6) return false; return true; } // If the method is unknown return true (no check) return true; } As you can see, the user input gets a score, and then depending on the password strength setting, it gets rejected or not. If the user turns javascript off, the PBX will accept all passwords. So the goal is to pretect the user from himself. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.