password-policy icon indicating copy to clipboard operation
password-policy copied to clipboard
verified publisher icon ircmaxell

(WIP) Adds rule that password not appear in a blacklist

Open mrclay opened this issue 11 years ago • 2 comments

Feedback welcomed. E.g. the JS version should not block the password, right? I added a few comments to help IDE comprehension. I know this needs tests.

mrclay avatar Jul 23 '14 23:07 mrclay

I would strongly suggest not dropping down to shell for this.

First, it could expose the password to anyone on the server (watching the process list), as it's passed in an argument)

Second, it's not portable

As far as working in JS or not, it would be preferable to do so, but not necessary.

ircmaxell avatar Jul 24 '14 15:07 ircmaxell

Yikes I didn't know cli args were easily snooped.

mrclay avatar Jul 28 '14 00:07 mrclay