Task #1231
RIB: Password validation issue
| Status: | Work Completed-End life cycle | Start date: | October 18, 2011 | |
|---|---|---|---|---|
| Priority: | Urgent | Due date: | October 19, 2011 | |
| Assignee: |  Nazri Imran | % Done: | 100% | |
| Category: | Access Control | Spent time: | - | |
| Target version: | - |
Description
Password must have minimum 1 alphabet and 1 digit.
Accept all others except these characters [\"<>'%;&+]
History
#1
Updated by Tan Lee Yong almost 13 years ago
- Category set to Access Control
- Status changed from New - Begin Life Cycle to Internal Testing
- Assignee changed from Ahmad Hazri to Norhaidah Md Dasuki
Please verify is this task completed?
#2
Updated by Nazri Imran almost 13 years ago
- % Done changed from 0 to 100
The rules had been applied to the Password validation for both Agro Rib and Agro Ibam, the modules that take effect are the reset password and new password creation.
#3
Updated by Norhaidah Md Dasuki almost 13 years ago
- Assignee changed from Norhaidah Md Dasuki to Siti Norahayu Mohd Desa
Hi Ayu,
Kindly test. TQ
#4
Updated by Siti Norahayu Mohd Desa almost 13 years ago
- Status changed from Internal Testing to Development / Work In Progress
- Assignee changed from Siti Norahayu Mohd Desa to Wong Bernard
1) Register an Account
Actual Result - Password can be alphanumeric and special character.
Expected Result - Password is alphanumeric
#5
Updated by Wong Bernard almost 13 years ago
- Assignee changed from Wong Bernard to Siti Norahayu Mohd Desa
- Unchanged. I cannot find "alphanumeric and special character" in the IBApplicationResources.properties file. What page did you get this error message?
#6
Updated by Siti Norahayu Mohd Desa almost 13 years ago
- Assignee changed from Siti Norahayu Mohd Desa to Wong Bernard
During registration.
I can register my password with alphanumeric plus special character
#7
Updated by Wong Bernard almost 13 years ago
- Assignee changed from Wong Bernard to Nazri Imran
- Unchanged. The CommonRules.java where validations are defined has been changed by Narzi. His change comment:
Change password validation to accept at least one alpha, one numeric and all special characters except [\"<>'%;&+]
For some reason, the password validation has been changed. I'm assigning it to him for explanation on the change made and correction.
#8
Updated by Nazri Imran almost 13 years ago
Hi,
The password can accept all special character except [\"<>'%;&+]
The reason of this is to prevent sql injection which an unauthorized user may key in to have access to database
#9
Updated by Tan Lee Yong almost 13 years ago
Hi Ayu & Nazri,
Please make sure it accept alpha, numeric and special characters except the SQL injection. If this is done, consider done. Must explain to customer.
#10
Updated by Tan Lee Yong almost 13 years ago
- Status changed from Development / Work In Progress to Work Completed-End life cycle
This should be done at this moment.