Uploaded image for project: 'Blesta Core'
  1. Blesta Core
  2. CORE-2288

Plesk: Update strength of automatic password generator

        Details

        • Type: Improvement
        • Status: Closed
        • Priority: Major
        • Resolution: Fixed
        • Affects Version/s: 3.6.2
        • Fix Version/s: 4.7.0-b1
        • Component/s: Modules
        • Labels:
          None

          Description

          Feature request @ https://requests.blesta.com/topic/admin-ability-to-config-client-password-requirements

          When Plesk provisions accounts, the passwords it generates are not secure enough for Plesk's default password security. The default security of password in Plesk are set as "Strong" with the following definition:

          • At least 8 characters
          • At least one uppercase letter
          • At least one lowercase letter
          • At least one digit
          • At least one special character

          Plesk also has a "Very Strong" password option, that has the following requirements. It may be worth considering generating passwords to meet this standard so that it will be sufficient regardless of the configuration of Plesk:

          • At least 16 characters
          • Include multiple occurrences of uppercase letters
          • Include multiple occurrences of lowercase letters
          • Include multiple occurrences of digits
          • Include multiple occurrences of special characters

          Originally reported here, see also for screenshot of Plesk password strength settings. https://www.blesta.com/forums/index.php?/topic/7633-plesk-module-bugs/

            Activity

            Ascending order - Click to sort in descending order
            admin Paul Phillips created issue -
            Hide
            Permalink
            tyson Tyson Phillips (Inactive) added a comment -

            This looks like a good task to employ the JS password generator from CORE-552

            Show
            tyson Tyson Phillips (Inactive) added a comment - This looks like a good task to employ the JS password generator from CORE-552
            tyson Tyson Phillips (Inactive) made changes -
            Field Original Value New Value
            Story Points 2
            Hide
            Permalink
            admin Paul Phillips added a comment -

            The JS password generator would work for resetting the password as a client or admin, but we would still need to generate the password automatically in PHP to pass to Plesk.

            Maybe a separate task for the JS password generator in the staff/client area for resets?

            Show
            admin Paul Phillips added a comment - The JS password generator would work for resetting the password as a client or admin, but we would still need to generate the password automatically in PHP to pass to Plesk. Maybe a separate task for the JS password generator in the staff/client area for resets?
            tyson Tyson Phillips (Inactive) made changes -
            Sprint 4.6.0 Sprint 1 [ 68 ]
            tyson Tyson Phillips (Inactive) made changes -
            Rank Ranked higher
            tyson Tyson Phillips (Inactive) made changes -
            Sprint 4.6.0 Sprint 1 [ 68 ] 4.6.0 Sprint 2 [ 69 ]
            tyson Tyson Phillips (Inactive) made changes -
            Rank Ranked lower
            tyson Tyson Phillips (Inactive) made changes -
            Fix Version/s 4.6.0-b1 [ 11117 ]
            Fix Version/s Short Term [ 10800 ]
            tyson Tyson Phillips (Inactive) made changes -
            Sprint 4.6.0 Sprint 2 [ 69 ] 4.6.0 Sprint 2, 4.6.0 Sprint 3 [ 69, 79 ]
            tyson Tyson Phillips (Inactive) made changes -
            Rank Ranked higher
            tyson Tyson Phillips (Inactive) made changes -
            Sprint 4.6.0 Sprint 2, 4.6.0 Sprint 3 [ 69, 79 ] 4.6.0 Sprint 2, 4.6.0 Sprint 3, 4.6.0 Sprint 4 [ 69, 79, 80 ]
            tyson Tyson Phillips (Inactive) made changes -
            Sprint 4.6.0 Sprint 2, 4.6.0 Sprint 3, 4.6.0 Sprint 4 [ 69, 79, 80 ] 4.6.0 Sprint 2, 4.6.0 Sprint 3, 4.6.0 Sprint 5 [ 69, 79, 81 ]
            tyson Tyson Phillips (Inactive) made changes -
            Rank Ranked lower
            tyson Tyson Phillips (Inactive) made changes -
            Sprint 4.6.0 Sprint 2, 4.6.0 Sprint 3, 4.6.0 Sprint 6 [ 69, 79, 81 ] 4.6.0 Sprint 2, 4.6.0 Sprint 3, 4.6.0 Sprint 6, 4.6.0 Sprint 7 [ 69, 79, 81, 85 ]
            tyson Tyson Phillips (Inactive) made changes -
            Rank Ranked higher
            tyson Tyson Phillips (Inactive) made changes -
            Rank Ranked lower
            tyson Tyson Phillips (Inactive) made changes -
            Sprint 4.6.0 Sprint 2, 4.6.0 Sprint 3, 4.6.0 Sprint 6, 4.6.0 Sprint 7 [ 69, 79, 81, 85 ] 4.6.0 Sprint 2, 4.7.0 Sprint 1, 4.6.0 Sprint 3, 4.6.0 Sprint 6 [ 69, 76, 79, 81 ]
            tyson Tyson Phillips (Inactive) made changes -
            Rank Ranked lower
            tyson Tyson Phillips (Inactive) made changes -
            Fix Version/s 4.6.0-b1 [ 11117 ]
            tyson Tyson Phillips (Inactive) made changes -
            Rank Ranked higher
            tyson Tyson Phillips (Inactive) made changes -
            Description When Plesk provisions accounts, the passwords it generates are not secure enough for Plesk's default password security. The default security of password in Plesk are set as "Strong" with the following definition:

            * At least 8 characters
            * At least one uppercase letter
            * At least one lowercase letter
            * At least one digit
            * At least one special character

            Plesk also has a "Very Strong" password option, that has the following requirements. It may be worth considering generating passwords to meet this standard so that it will be sufficient regardless of the configuration of Plesk:

            * At least 16 characters
            * Include multiple occurrences of uppercase letters
            * Include multiple occurrences of lowercase letters
            * Include multiple occurrences of digits
            * Include multiple occurrences of special characters

            Originally reported here, see also for screenshot of Plesk password strength settings. https://www.blesta.com/forums/index.php?/topic/7633-plesk-module-bugs/             		Feature request @ https://requests.blesta.com/topic/admin-ability-to-config-client-password-requirements

            When Plesk provisions accounts, the passwords it generates are not secure enough for Plesk's default password security. The default security of password in Plesk are set as "Strong" with the following definition:

            * At least 8 characters
            * At least one uppercase letter
            * At least one lowercase letter
            * At least one digit
            * At least one special character

            Plesk also has a "Very Strong" password option, that has the following requirements. It may be worth considering generating passwords to meet this standard so that it will be sufficient regardless of the configuration of Plesk:

            * At least 16 characters
            * Include multiple occurrences of uppercase letters
            * Include multiple occurrences of lowercase letters
            * Include multiple occurrences of digits
            * Include multiple occurrences of special characters

            Originally reported here, see also for screenshot of Plesk password strength settings. https://www.blesta.com/forums/index.php?/topic/7633-plesk-module-bugs/
            jonathan Jonathan Reissmueller made changes -
            Assignee Jonathan Reissmueller [ jonathan ]
            Automated transition triggered when Jonathan Reissmueller created a branch in Stash -
            Status Open [ 1 ] In Progress [ 3 ]
            jonathan Jonathan Reissmueller made changes -
            Remaining Estimate 0 minutes [ 0 ]
            Time Spent 1 hour, 19 minutes [ 4740 ]
            Worklog Id 12378 [ 12378 ]
            Automated transition triggered when Jonathan Reissmueller created pull request #9 in Stash -
            Status In Progress [ 3 ] In Review [ 5 ]
            Resolution Fixed [ 1 ]
            tyson Tyson Phillips (Inactive) made changes -
            Fix Version/s 4.7.0-b1 [ 11123 ]
            tyson Tyson Phillips (Inactive) made changes -
            Sprint 4.6.0 Sprint 2, 4.7.0 Sprint 1, 4.6.0 Sprint 3, 4.6.0 Sprint 6 [ 69, 76, 79, 81 ] 4.6.0 Sprint 2, 4.7.0 Sprint 1, 4.6.0 Sprint 3, 4.6.0 Sprint 6, 4.7.0 Sprint 2 [ 69, 76, 79, 81, 87 ]
            tyson Tyson Phillips (Inactive) made changes -
            Rank Ranked higher
            jonathan Jonathan Reissmueller made changes -
            Time Spent 1 hour, 19 minutes [ 4740 ] 3 hours, 35 minutes [ 12900 ]
            Worklog Id 12429 [ 12429 ]
            Automated transition triggered when Tyson Phillips (Inactive) merged pull request #9 in Stash -
            Status In Review [ 5 ] Closed [ 6 ]

              People

              • Assignee:
                jonathan Jonathan Reissmueller
                Reporter:
                admin Paul Phillips
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  5/Sep/19

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 3 hours, 35 minutes
                  3h 35m

                    Agile