While I appreciate the #password requirements, I admit to being at a loss atm.
So is my @bitwarden 馃槄
Joel Michael
boosted
This dumb password rule is from Bendigo Bank.
Exactly eight characters.
https://dumbpasswordrules.com/sites/bendigo-bank/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Bendigo Bank.
Exactly eight characters.
https://dumbpasswordrules.com/sites/bendigo-bank/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Of course, this new credentials checker in #swad needs a #tool to edit these #password files, that's currently work in progress.
I just implemented the class for reading a password, pretty simple thing from a pipe, but an "interesting" job from a #terminal. Turns out doing that portably, reliably and secure needs quite some code. 馃檲
There's #getpass, but that's deprecated for good reasons (global state and not perfectly clear how it deals with #signals that could interrupt the input). And there's the sane replacement #readpassphrase in some systems (e.g. #FreeBSD), but that's not portable. 馃檭
So, plain old #tcsetattr it is, with some signal handling on top:
https://github.com/Zirias/swad/commit/447f48096fc275a5bae113393ffe9a3cbc66cc95