RFR: 7820: Add validations for master password [v2]
Henrik Dafgård
hdafgard at openjdk.org
Sun Jul 24 00:29:12 UTC 2022
On Wed, 13 Jul 2022 11:49:20 GMT, Suchita Chaturvedi <schaturvedi at openjdk.org> wrote:
>> This PR adds password validations for master password field.
>
> Suchita Chaturvedi has updated the pull request incrementally with one additional commit since the last revision:
>
> Added Junit test cases and moved the logic to common util file
Changes requested by hdafgard (Reviewer).
application/org.openjdk.jmc.ui.common/src/main/java/org/openjdk/jmc/ui/common/security/PersistentCredentials.java line 87:
> 85: public static boolean isPasswordValid(final String password) {
> 86: Pattern PASSWORD_PATTERN = Pattern
> 87: .compile("^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#(&)[{-}]:;',?/*~$^+=<>]).{8,20}$"); //$NON-NLS-1$
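Review bot: The special-character class on line 87 contains a nested `[{-}]`, which Java parses as a union with the range `{` to `}`, so `|` is accepted as a special character while literal `[` and `]` are not; if brackets and braces were meant as literals, escape them (`\\[`, `\\]`, `\\{`, `\\}`) and drop the hyphen. The `{8,20}` upper bound also rejects long passphrases. `PASSWORD_PATTERN` is a local variable, so the pattern is recompiled on every call to `isPasswordValid`; make it a `private static final` field.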
I think we could make this quite a lot simpler. Generally I'd say that password length is more important than checking for special characters and numbers.
application/tests/org.openjdk.jmc.ui.test/src/test/java/org/openjdk/jmc/ui/test/security/MasterPasswordTest.java line 59:
> 57: }
> 58:
> 59: }
I would prefer better testing here. This is a decent place to implement some property-based tests that use fuzzing to verify that inputs will satisfy the requirements of a minimum length, alphanumeric-ness and special characters.
-------------
PR: https://git.openjdk.org/jmc/pull/406
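
Added example, not part of the review or of the JMC code base: one way to write the property-based check suggested above, comparing the pattern quoted from line 87 against a regex-free oracle over seeded random inputs. The class name, the generator alphabet and the plain `main` harness (instead of JUnit) are assumptions made to keep it self-contained.

```java
import java.util.Random;
import java.util.regex.Pattern;

public class MasterPasswordPropertyCheck {
    // Pattern copied from the quoted line 87 of PersistentCredentials.java.
    static final Pattern PASSWORD_PATTERN = Pattern.compile(
            "^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#(&)[{-}]:;',?/*~$^+=<>]).{8,20}$");

    static boolean isPasswordValid(String password) {
        return PASSWORD_PATTERN.matcher(password).matches();
    }

    // Assumption: the generator only emits characters whose class is unambiguous.
    static final String LOWER = "abcdefghijklmnopqrstuvwxyz";
    static final String UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    static final String DIGIT = "0123456789";
    static final String SPECIAL = "!@#$";
    static final String ALPHABET = LOWER + UPPER + DIGIT + SPECIAL;

    static boolean containsAny(String s, String set) {
        return s.chars().anyMatch(c -> set.indexOf(c) >= 0);
    }

    // Independent oracle: the stated requirements, written without a regex.
    static boolean oracle(String s) {
        return s.length() >= 8 && s.length() <= 20 && containsAny(s, DIGIT)
                && containsAny(s, LOWER) && containsAny(s, UPPER) && containsAny(s, SPECIAL);
    }

    public static void main(String[] args) {
        Random rnd = new Random(7820L); // fixed seed so a failure is reproducible
        int accepted = 0, rejected = 0;
        for (int i = 0; i < 100_000; i++) {
            int len = rnd.nextInt(31); // 0..30 covers both length boundaries
            StringBuilder sb = new StringBuilder(len);
            for (int j = 0; j < len; j++) {
                sb.append(ALPHABET.charAt(rnd.nextInt(ALPHABET.length())));
            }
            String candidate = sb.toString();
            boolean expected = oracle(candidate);
            if (isPasswordValid(candidate) != expected) {
                throw new AssertionError("Mismatch at length " + len + ": " + candidate);
            }
            if (expected) accepted++; else rejected++;
        }
        if (accepted == 0 || rejected == 0) {
            throw new AssertionError("Generator did not exercise both outcomes");
        }
        System.out.println("accepted=" + accepted + " rejected=" + rejected);
    }
}
```

Widening `ALPHABET` to include brackets, braces, whitespace or non-ASCII characters requires extending the oracle to match, which is where disagreements between the intended rule and the regex would surface.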