Password strength rule optimization #238

Closed
Xmandon opened this issue Jan 11, 2022 · 3 comments · Fixed by #302
Labels
Layer: api Api module related Sign: security Something related to security
Comments

Collaborator

Xmandon commented Jan 11, 2022

image

@Xmandon Xmandon self-assigned this Jan 11, 2022
@Xmandon Xmandon mentioned this issue Jan 11, 2022
15 tasks
@IMBlues IMBlues added Layer: api Api module related Sign: security Something related to security labels Jan 17, 2022
@Xmandon Xmandon added this to the Y2022M07-M08 milestone Feb 14, 2022
Contributor

IMBlues commented Feb 23, 2022

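Regarding letting users enter their own custom regular expressions, there is an issue to watch out for: Python regular expressions are slow, and every time a user is added on our page the password validation has to run, so the service itself could be hit by a DoS attack.

Should we add some more hints and warnings when the user fills it in?

References: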

Collaborator Author

Xmandon commented Feb 23, 2022

@Xmandon Xmandon modified the milestones: Y2022M07-M08, Y2022M09-10 Feb 28, 2022
IMBlues added a commit to IMBlues/bk-user that referenced this issue Feb 28, 2022
@IMBlues IMBlues linked a pull request Feb 28, 2022 that will close this issue
Contributor

IMBlues commented Mar 1, 2022

I have written up some summary and analysis of ReDoS here; if you are interested, see it for further reading:

https://emergencyexit.xyz/redos-and-why.html
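
The ReDoS concern raised in this thread (a user-defined regular expression evaluated on every password check), as an added example that is not part of the original comments or the bk-user code: the match runs under a hard time budget and fails closed on overrun. The function name `check_password`, its return strings, the 2-second budget, the 128-character cap and the sample patterns are assumptions made for illustration.

```python
import json
import re
import subprocess
import sys

# Child interpreter: reads {"pattern", "password"} as JSON on stdin (which keeps
# the password off the command line) and reports the outcome through its exit
# status (0 = full match, anything else = no match).
_CHILD = (
    "import json, re, sys\n"
    "req = json.load(sys.stdin)\n"
    "sys.exit(0 if re.fullmatch(req['pattern'], req['password']) else 1)\n"
)


def check_password(pattern, password, budget_s=2.0, max_len=128):
    """Return 'match', 'no_match', 'bad_pattern', 'too_long' or 'timeout'."""
    # A length cap bounds the input any configured pattern is asked to scan.
    if len(password) > max_len:
        return "too_long"
    # Refuse patterns that do not compile before spending a process on them.
    try:
        re.compile(pattern)
    except re.error:
        return "bad_pattern"
    payload = json.dumps({"pattern": pattern, "password": password})
    try:
        # The standard-library re module has no timeout argument, so the match
        # runs in a separate interpreter that subprocess.run() kills on overrun.
        done = subprocess.run(
            [sys.executable, "-c", _CHILD],
            input=payload, text=True, capture_output=True, timeout=budget_s,
        )
    except subprocess.TimeoutExpired:
        # Fail closed: refuse the password and surface the pattern for review.
        return "timeout"
    return "match" if done.returncode == 0 else "no_match"


if __name__ == "__main__":
    # Constructed sample inputs (assumptions, not taken from the project).
    policy = r"(?=.*[A-Z])(?=.*\d).{8,}"   # upper-case letter, digit, 8+ chars
    nested = r"(a+)+$"                      # nested quantifiers backtrack badly
    print(check_password(policy, "Passw0rdX"))                   # fast path
    print(check_password(policy, "short"))                       # fast path
    print(check_password(nested, "a" * 64 + "!", budget_s=1.0))  # budget hit
    print(check_password("(", "x"))                              # invalid regex
```

Starting an interpreter per check adds process start-up cost; a service under load would keep the same kill-on-overrun rule but reuse worker processes.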

IMBlues added a commit that referenced this issue Mar 1, 2022
feat: support checks such as consecutive-character detection for passwords #238
yuri0528 added a commit to yuri0528/bk-user that referenced this issue Mar 2, 2022
EmilyMei pushed a commit that referenced this issue Mar 7, 2022
@Xmandon Xmandon closed this as completed Mar 14, 2022
@wklken wklken mentioned this issue May 11, 2022
@wklken wklken mentioned this issue Jul 28, 2022