| Author |
 Topic  |
|
muzishun
Senior Member
United States
1079 Posts |
 Posted - 22 January 2008 : 16:27:14
|
I've packaged up a couple of the security tweaks Shaggy and I discussed in the Password Salting thread, and I've added a bit of flair to them. The admin can now configure the minimum/maximum length of the passwords from the Main Forum Configuration. They can also toggle alphanumeric passwords on and off from there as well.
From the readme:
quote:
This miniMOD adds a few security enhancements to users' passwords. It gives the forum owner the ability to specify minimum and maximum password lengths, as well as other features.
Download from SnitzBitz.< |
Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com) |
Edited by - muzishun on 22 January 2008 16:27:54 |
|
|
MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
|
|
muzishun
Senior Member
United States
1079 Posts |
Posted - 22 January 2008 : 17:27:20
|
Thanks much. I'm really loving the amount of time that I can spend working on "side code" like Snitz while I'm at work. There is a lot of self-management, and as long as I'm getting all of my work done, I have a fair amount of leeway. It has definitely helped me start to catch up on "The List".  < |
Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com) |
 |
|
|
MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
Posted - 23 January 2008 : 01:18:54
|
I was in that position too for a while ; loved every day of it!  (20+ hours of Snitz in worktime a week, since the department I worked at had a Snitz based CMS system plus Snitz forum (which was btw caused by me too as I installed it between xmas and newyear ))< |
portfolio - linkshrinker - oxle - twitter |
|
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 23 January 2008 : 04:37:34
|
Nicely done, Muz'  Definitely one I'd recommend for inclusion in the base code once it's had a few test drives.
< |
 Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.” |
|
|
|
muzishun
Senior Member
United States
1079 Posts |
Posted - 23 January 2008 : 08:26:16
|
| Thanks much, Shaggy. As I said, I've had a lot more time to work on stuff lately, so I have been keeping track of the different threads where people talk about things that don't/should have MODs and using those as fuel for my coding energy.< |
Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com) |
|
|
|
PPSSWeb
Junior Member
312 Posts |
Posted - 23 January 2008 : 10:27:39
|
| Great Idea! I can't wait until I have time to test it out. Thanks!< |
|
|
|
muzishun
Senior Member
United States
1079 Posts |
Posted - 23 January 2008 : 10:51:22
|
| You're welcome.< |
Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com) |
|
|
|
thelodger
Junior Member
United Kingdom
296 Posts |
Posted - 23 January 2008 : 14:29:37
|
| Can I add this retrospective, I don’t want to add this excellent mod if it will affect the current members.< |
|
|
|
muzishun
Senior Member
United States
1079 Posts |
Posted - 23 January 2008 : 16:34:02
|
| It will only affect current members if they change their password. It checks to see if they are changing their password in pop_profile.asp, and if they are, the new security measures are enforced. If not, their old password remains.< |
Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com) |
|
|
|
thelodger
Junior Member
United Kingdom
296 Posts |
Posted - 23 January 2008 : 16:49:21
|
| Great cheers, I will add it asap.< |
|
|
|
modifichicci
Average Member
Italy
787 Posts |
Posted - 23 February 2008 : 17:23:58
|
I have tested it now.
It works quite well, but there are some redundant error messages if a password is too short or if there is a number in the beginning..
so I have changed the routine checkink password in register and pop proile to avoid redundant error messages
I have changed
to:
it seems working, but if someone has some better ideas he is welcome...< |
Ernia e Laparocele
Forum di Ernia e Laparocele
Acces - MySql Migration Tutorial
Adamantine forum |
|
|
|
modifichicci
Average Member
Italy
787 Posts |
|
|
philsbbs
Junior Member
United Kingdom
397 Posts |
Posted - 24 February 2008 : 05:33:41
|
Installed and tested and works a treat.
Keep up the great work.< |
Phil |
|
|
|
muzishun
Senior Member
United States
1079 Posts |
Posted - 24 February 2008 : 19:07:42
|
| Thanks modifichicci and phil. Hopefully I will have time this week to make some updates to this and re-release it. Till then, I will assume the changes you have above are kosher and work well. < |
Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com) |
|
|
|
Astralis
Senior Member
USA
1218 Posts |
Posted - 04 March 2008 : 15:32:10
|
Muzishun,
Am I correct that this will only make new accounts have stronger passwords? While that's important, my real problem are the old accounts with weak passwords.< |
|
|
|
Topic |
|
Password Security Tweaks
