Support A2Billing :

provided by Star2Billing S.L.

Support A2Billing :
It is currently Thu Mar 28, 2024 9:48 am
Hosted Voice Broadcast


All times are UTC




Post new topic Reply to topic  [ 1 post ] 
Author Message
 Post subject: Password generation
PostPosted: Wed Dec 24, 2014 8:03 am 
Offline

Joined: Wed Feb 19, 2014 8:44 am
Posts: 7
It surprised me alot that password generation is not configurable, and generation mechanism is even different for admin-generated customers and signup , so I had to dive into it. As it is FOSS, I suppose we should share some ideas, so here is mine.

The default password from admin interface is a monster. None of my users wanted to enter password like '353748roisvk2pf36505', and I cannot blame them. Neither did I want to change this password every other time. Not to mention that I have no control over the password, generated during signup. So this is my small solution, applied to every place where password is generated:

Code:
$rwh = mt_rand(0,1);
if ($rwh) {
   $passui_secret = MDP_STRING(4).MDP_NUMERIC(4);
} else {
   $passui_secret = MDP_NUMERIC(4).MDP_STRING(4);
};


This creates 8-symbol, not so easily hacked as 10 digits, but still not so hard to remember passwords. It changes format from customer to customer (some 'characters-digits', other 'digits-characters'), thus leaving hacker without easy template to bruteforce.

But in order to keep these changes, I need to apply it again and again if any of files affected get changed during version upgrade. My suggestion to developers is to make this somehow configurable for everyone. Like, '%num5%%char5%', or 'DDDDDCCCCC', or whatever is best. If one wants monsterpasswords - let him be, if someone doesn't care and needs password of only 4 digits - let him have it.


Merry Xmas everyone


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 
Auto Dialer Software


All times are UTC


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group