
#1 2013-10-23 17:38:27

Eric
Piwigo Team
VALENCE (FR)
2005-03-25
1768

[Plugin] Password Policy - Official support topic

Hi!

Here is a new plugin about "securing access to the gallery and passwords": [extension by Eric] Password Policy.

[edit] Initial release 2.5.0 available [/edit]


Important: Some features have been migrated from the UserAdvManager plugin (version < 2.50.x). This plugin is therefore only compatible with UserAdvManager versions 2.51.x and higher.



List of plugin features:

* Complexity of passwords chosen by users (or admin) when registering
    If enabled, a password complexity score must be set. All chosen passwords that do not meet this score will be rejected. The administration module of the plugin lets you test the complexity configuration.

* Password renewal policy
    Adds a new column and action in the users management interface of Piwigo to manually initiate a renewal of the password of one or more registered users.
    At their next login, they will be automatically redirected to their profile page and prompted to change their password. This continues until the action is performed.

* Management of failed login attempts due to incorrect password
    Lets you define a maximum number of login attempts with an incorrect password. Beyond this limit, the user account is locked and can no longer connect to the gallery. He should contact the administrator to request the unlocking.
    The administrator can then perform the unlocking in the users management interface of Piwigo, where a symbol will show locked accounts.

This topic will be the official English support.

Last edited by Eric (2013-10-23 17:45:21)


#2 2019-03-11 19:21:33

FotofuchsWW
Member
2019-02-11
2

Re: [Plugin] Password Policy - Official support topic

Hello Eric,

Thank you for your Piwigo plugin "Password Policy". I'm using it in the newest version 2.8.0 and I'm very convinced by its functionality.

I'm not sure if you are still revising and renewing this plugin, but I hope so.

Today, I guess I found a security bug while using the plugin:
I set the security level for passwords to a minimal score of 120.
If a user now tries to renew his password via the "password forgotten" function, he receives an e-mail with a hyperlink to renew his password. Through this link the user is able to choose any kind of password, ignoring the minimal score of 120.

I hope I could explain the problem somewhat understandably, with my broken English. ;-)
I would be glad to hear from you or someone else if there is any way (special settings) to close the described security gap.

Thanks for your help! With best regards - Daniel


#3 2019-03-12 19:07:49

Eric
Piwigo Team
VALENCE (FR)
2005-03-25
1768

Re: [Plugin] Password Policy - Official support topic

Hi Daniel (are you French?),

Thank you for reporting this security bug. Unfortunately, I've no free time to support this plugin. If you have any PHP skills, you can try to fix this. Source code is ever free ;-)

Or if anyone here would be interested to review the code, feel free !
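
One way to close the gap reported in this thread (the score is enforced at registration but not through the "password forgotten" link) is to route every password write through a single checked function. The PHP below is an added example, not code from Piwigo or the Password Policy plugin; the `Accounts` class, its methods and the scoring formula are hypothetical stand-ins, and only the threshold of 120 comes from the report.

```php
<?php // Added example: not Piwigo or plugin code; every name here is hypothetical.
const MIN_SCORE = 120; // threshold from the report in this thread
// Stand-in score (assumption): the plugin's real algorithm is not shown on this page.
function password_score(string $pw): int
{
    $classes = 0;
    foreach (['/[a-z]/', '/[A-Z]/', '/[0-9]/', '/[^a-zA-Z0-9]/'] as $re) {
        $classes += preg_match($re, $pw);
    }
    return strlen($pw) * $classes * 3;
}
final class Accounts
{
    private array $hashes = [];
    private array $resetTokens = []; // sha256(token) => user
    // The only place a hash is written, so no entry point can skip the policy.
    private function setPassword(string $user, string $pw): void
    {
        if (($score = password_score($pw)) < MIN_SCORE) {
            throw new InvalidArgumentException("score $score is below " . MIN_SCORE);
        }
        $this->hashes[$user] = password_hash($pw, PASSWORD_DEFAULT);
    }
    public function register(string $user, string $pw): void { $this->setPassword($user, $pw); }
    public function issueResetToken(string $user): string
    {
        $token = bin2hex(random_bytes(16));
        $this->resetTokens[hash('sha256', $token)] = $user;
        return $token; // would be mailed to the user inside the reset link
    }
    public function resetWithToken(string $token, string $pw): void
    {
        $key = hash('sha256', $token);
        if (!isset($this->resetTokens[$key])) {
            throw new RuntimeException('unknown or already used reset token');
        }
        $this->setPassword($this->resetTokens[$key], $pw); // same check as registration
        unset($this->resetTokens[$key]); // single use, consumed only on success
    }
}

$accounts = new Accounts();
$accounts->register('alice', 'Initial-Passw0rd-2019'); // constructed sample account
$token = $accounts->issueResetToken('alice');
foreach (['abc', 'Tr0ub4dor&3-horse'] as $pw) { // weak, then strong, via the reset link
    try { $accounts->resetWithToken($token, $pw); $result = 'accepted'; }
    catch (InvalidArgumentException $e) { $result = 'rejected: ' . $e->getMessage(); }
    printf("reset with %s => %s\n", $pw, $result);
}
```

Because `setPassword()` is private and is the only writer, a reset path added later cannot store a password without passing the same score check.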
