Prohibit users from choosing their own passwords #9

Open
opened 2024-07-09 20:24:55 +02:00 by felixalb · 0 comments
Owner

When users have to choose and set a password for each database user, some are bound to either use a very bad password, or use their existing system account password. This will potentially leave their PVV/NTNU passwords lying around in random env-files and such, for applications using the database.

This could for example be implemented with an option in the configuration file that allows/disallows the "set password" feature.
The user should instead always be able to select an option to "generate a secure password and show once", like the access tokens found on GitHub and many other platforms. If they want to retrieve the password, they should rather change it by generating a new random key.

felixalb changed title from Feature: Prohibit users from choosing their own passwords to Prohibit users from choosing their own passwords 2024-07-12 23:53:37 +02:00
oysteikt added the feature request label 2024-07-28 15:24:35 +02:00
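
A sketch of the policy the issue proposes, added here as an illustration and not taken from the project's code: a configuration switch gates the "set password" path, while "generate" always works and returns a CSPRNG password to be shown once. The config keys `allow_set_password` and `generated_length` and all function names are hypothetical.

```python
import math
import secrets
import string
from typing import Optional

# Letters and digits only, so the value needs no quoting in env-files or SQL.
ALPHABET = string.ascii_letters + string.digits


class PolicyError(Exception):
    """The request is not permitted by the configuration."""


def entropy_bits(length: int) -> float:
    """Entropy of a uniformly random password of this length over ALPHABET."""
    return length * math.log2(len(ALPHABET))


def generate_password(length: int = 32) -> str:
    """Draw each character from the OS CSPRNG via the secrets module."""
    if entropy_bits(length) < 128:
        raise ValueError("password too short for 128 bits of entropy")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def change_password(config: dict, action: str, supplied: Optional[str] = None) -> str:
    """Return the password to apply to the database user.

    action is "set" (user-chosen) or "generate" (random, shown once).
    Nothing is stored here: after "generate" the caller applies the value,
    displays it a single time, and a lost password is replaced by rotating.
    """
    if action == "generate":
        return generate_password(config.get("generated_length", 32))
    if action == "set":
        # Hypothetical key; a missing key means the restrictive default.
        if not config.get("allow_set_password", False):
            raise PolicyError("choosing your own password is disabled; use 'generate'")
        if not supplied:
            raise ValueError("no password supplied")
        return supplied
    raise ValueError(f"unknown action: {action!r}")
```

With 62 symbols, 22 characters is the shortest length that clears 128 bits, and the default of 32 gives about 190 bits.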