Description
From [email protected] on April 21, 2010 11:11:05
The following issue is an enhancement request, to aid in the usability of
the methods in the Authenticator class.
I was looking at the Authenticator class for Java and noticed methods for
"verifyPasswordStrength" and "generateStrongPassword". I would like to use
both methods to augment our existing portal architecture which does not
support (or at least is not obvious to me) password strength checking other
than requiring passwords of a configurable length. As the portal handles
the authentication for our application, I wasn't keen on trying to map the
internal portal SDK to the Authenticator Interface, just to get support for
password strength validation. I may be alone in my thinking, but shouldn't
these stand-alone methods be moved to a separate concrete class with static
implementations of the methods. Or at minimum another interface,
AuthenticatorUtil for instance, that has these methods and can be
overridden to provide a custom implementation or the base reference
implementation can be used.
Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=118