stable

Clone or download

Read-only

The feature should be disabled by default

Go to create a new user page. Ensure that local.inc does not contain definition of variable $reject_compromised_password. The password checker popover should not tell about compromised password. In commit #d0541ef0201d1804bce7ef5154115328ca3929aa a mistake has been made in the comparison, but the contribution has been integrated since the check was not supposed to live too long (local.inc to be replaced by site admin UI config). However, due to current availability of our best experts in field, we should not check breached password on all instances. Integrators should not assume that a future work will be made soon https://gerrit.tuleap.net/#/c/10672/4/src/common/password/PasswordStrategy.class.php@41 This is part of story #11182: prevent users to use a breached password Change-Id: I67cc2a0dcb4babe4d3aa9e2463eecdcc26c80c5b

Modified Files

Name
M src/common/password/PasswordStrategy.class.php +1 −1 Go to diff View file