  1. Blesta Core
  2. CORE-2288

Plesk: Update strength of automatic password generator

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.6.2
    • Fix Version/s: 4.7.0-b1
    • Component/s: Modules
    • Labels:
      None

      Description

      Feature request @ https://requests.blesta.com/topic/admin-ability-to-config-client-password-requirements

      When Plesk provisions accounts, the passwords it generates are not secure enough for Plesk's default password security. The default password security in Plesk is set to "Strong", with the following definition:

      • At least 8 characters
      • At least one uppercase letter
      • At least one lowercase letter
      • At least one digit
      • At least one special character

      Plesk also has a "Very Strong" password option that has the following requirements. It may be worth considering generating passwords to meet this standard so that it will be sufficient regardless of the configuration of Plesk:

      • At least 16 characters
      • Include multiple occurrences of uppercase letters
      • Include multiple occurrences of lowercase letters
      • Include multiple occurrences of digits
      • Include multiple occurrences of special characters

      Originally reported here; see also for a screenshot of the Plesk password strength settings: https://www.blesta.com/forums/index.php?/topic/7633-plesk-module-bugs/
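
One way to generate a password in PHP that meets the "Very Strong" definition above, with a matching policy check (an added example, not Blesta's code and not part of the original issue). The function names, the special-character set and the reading of "multiple occurrences" as at least two per class are assumptions; it assumes PHP 7.1 or later.

```php
<?php
// Added example, not Blesta's code. Targets the "Very Strong" definition
// quoted above, which also covers every "Strong" requirement.

// Assumed special-character set; confirm what the target Plesk accepts.
const PW_CLASSES = [
    'upper'   => 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
    'lower'   => 'abcdefghijklmnopqrstuvwxyz',
    'digit'   => '0123456789',
    'special' => '!@#$%^&*?_~',
];

// $minPerClass = 2 is an assumed reading of "multiple occurrences".
function generatePleskPassword(int $length = 16, int $minPerClass = 2): string
{
    if ($minPerClass < 1 || $length < $minPerClass * count(PW_CLASSES)) {
        throw new InvalidArgumentException('Length too short for per-class minimum');
    }
    $chars = [];
    // Guarantee the per-class minimum first, drawing with the CSPRNG.
    foreach (PW_CLASSES as $set) {
        for ($i = 0; $i < $minPerClass; $i++) {
            $chars[] = $set[random_int(0, strlen($set) - 1)];
        }
    }
    // Fill the remainder from the union of all classes.
    $all = implode('', PW_CLASSES);
    while (count($chars) < $length) {
        $chars[] = $all[random_int(0, strlen($all) - 1)];
    }
    // Fisher-Yates shuffle with random_int(); shuffle() and str_shuffle()
    // are not cryptographically secure, and without shuffling the first
    // characters would always follow the class order above.
    for ($i = count($chars) - 1; $i > 0; $i--) {
        $j = random_int(0, $i);
        [$chars[$i], $chars[$j]] = [$chars[$j], $chars[$i]];
    }
    return implode('', $chars);
}

// Policy check to run in tests against generated passwords.
function meetsVeryStrong(string $pw, int $minPerClass = 2): bool
{
    foreach (PW_CLASSES as $set) {
        // Occurrences of this class = length lost when its characters are removed.
        if (strlen($pw) - strlen(str_replace(str_split($set), '', $pw)) < $minPerClass) {
            return false;
        }
    }
    return strlen($pw) >= 16;
}

var_dump(meetsVeryStrong(generatePleskPassword())); // usage
```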

        Activity

        admin Paul Phillips created issue -
        tyson Tyson Phillips (Inactive) added a comment -

        This looks like a good task to employ the JS password generator from CORE-552

        tyson Tyson Phillips (Inactive) made changes -
        Field Original Value New Value
        Story Points 2
        admin Paul Phillips added a comment -

        The JS password generator would work for resetting the password as a client or admin, but we would still need to generate the password automatically in PHP to pass to Plesk.

        Maybe a separate task for the JS password generator in the staff/client area for resets?

        tyson Tyson Phillips (Inactive) made changes -
        Sprint 4.6.0 Sprint 1 [ 68 ]
        tyson Tyson Phillips (Inactive) made changes -
        Rank Ranked higher
        tyson Tyson Phillips (Inactive) made changes -
        Sprint 4.6.0 Sprint 1 [ 68 ] 4.6.0 Sprint 2 [ 69 ]
        tyson Tyson Phillips (Inactive) made changes -
        Rank Ranked lower
        tyson Tyson Phillips (Inactive) made changes -
        Fix Version/s 4.6.0-b1 [ 11117 ]
        Fix Version/s Short Term [ 10800 ]
        tyson Tyson Phillips (Inactive) made changes -
        Sprint 4.6.0 Sprint 2 [ 69 ] 4.6.0 Sprint 2, 4.6.0 Sprint 3 [ 69, 79 ]
        tyson Tyson Phillips (Inactive) made changes -
        Rank Ranked higher
        tyson Tyson Phillips (Inactive) made changes -
        Sprint 4.6.0 Sprint 2, 4.6.0 Sprint 3 [ 69, 79 ] 4.6.0 Sprint 2, 4.6.0 Sprint 3, 4.6.0 Sprint 4 [ 69, 79, 80 ]
        tyson Tyson Phillips (Inactive) made changes -
        Sprint 4.6.0 Sprint 2, 4.6.0 Sprint 3, 4.6.0 Sprint 4 [ 69, 79, 80 ] 4.6.0 Sprint 2, 4.6.0 Sprint 3, 4.6.0 Sprint 5 [ 69, 79, 81 ]
        tyson Tyson Phillips (Inactive) made changes -
        Rank Ranked lower
        tyson Tyson Phillips (Inactive) made changes -
        Sprint 4.6.0 Sprint 2, 4.6.0 Sprint 3, 4.6.0 Sprint 6 [ 69, 79, 81 ] 4.6.0 Sprint 2, 4.6.0 Sprint 3, 4.6.0 Sprint 6, 4.6.0 Sprint 7 [ 69, 79, 81, 85 ]
        tyson Tyson Phillips (Inactive) made changes -
        Rank Ranked higher
        tyson Tyson Phillips (Inactive) made changes -
        Rank Ranked lower
        tyson Tyson Phillips (Inactive) made changes -
        Sprint 4.6.0 Sprint 2, 4.6.0 Sprint 3, 4.6.0 Sprint 6, 4.6.0 Sprint 7 [ 69, 79, 81, 85 ] 4.6.0 Sprint 2, 4.7.0 Sprint 1, 4.6.0 Sprint 3, 4.6.0 Sprint 6 [ 69, 76, 79, 81 ]
        tyson Tyson Phillips (Inactive) made changes -
        Rank Ranked lower
        tyson Tyson Phillips (Inactive) made changes -
        Fix Version/s 4.6.0-b1 [ 11117 ]
        tyson Tyson Phillips (Inactive) made changes -
        Rank Ranked higher
        jonathan Jonathan Reissmueller made changes -
        Assignee Jonathan Reissmueller [ jonathan ]
        Automated transition triggered when Jonathan Reissmueller created a branch in Stash -
        Status Open [ 1 ] In Progress [ 3 ]
        jonathan Jonathan Reissmueller made changes -
        Remaining Estimate 0 minutes [ 0 ]
        Time Spent 1 hour, 19 minutes [ 4740 ]
        Worklog Id 12378 [ 12378 ]
        Automated transition triggered when Jonathan Reissmueller created pull request #9 in Stash -
        Status In Progress [ 3 ] In Review [ 5 ]
        Resolution Fixed [ 1 ]
        tyson Tyson Phillips (Inactive) made changes -
        Fix Version/s 4.7.0-b1 [ 11123 ]
        tyson Tyson Phillips (Inactive) made changes -
        Sprint 4.6.0 Sprint 2, 4.7.0 Sprint 1, 4.6.0 Sprint 3, 4.6.0 Sprint 6 [ 69, 76, 79, 81 ] 4.6.0 Sprint 2, 4.7.0 Sprint 1, 4.6.0 Sprint 3, 4.6.0 Sprint 6, 4.7.0 Sprint 2 [ 69, 76, 79, 81, 87 ]
        tyson Tyson Phillips (Inactive) made changes -
        Rank Ranked higher
        jonathan Jonathan Reissmueller made changes -
        Time Spent 1 hour, 19 minutes [ 4740 ] 3 hours, 35 minutes [ 12900 ]
        Worklog Id 12429 [ 12429 ]
        Automated transition triggered when Tyson Phillips (Inactive) merged pull request #9 in Stash -
        Status In Review [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            jonathan Jonathan Reissmueller
            Reporter:
            admin Paul Phillips
          • Votes:
            0
            Watchers:
            2

            Dates

            • Created:
              Updated:
              Resolved:
              Fix Release Date:
              5/Sep/19

              Time Tracking

              Estimated:
              Not Specified
              Remaining:
              0m
              Logged:
              3h 35m