[wp-trac] [WordPress Trac] #21737: Users should have to jump through hoops to set passwords of their choosing, and we should guard better against weak passwords

WordPress Trac noreply at wordpress.org
Fri Aug 16 21:02:28 UTC 2013


#21737: Users should have to jump through hoops to set passwords of their choosing,
and we should guard better against weak passwords
----------------------------+-----------------------
 Reporter:  markjaquith     |       Owner:  westi
     Type:  task (blessed)  |      Status:  accepted
 Priority:  normal          |   Milestone:  3.7
Component:  Security        |     Version:
 Severity:  normal          |  Resolution:
 Keywords:                  |
----------------------------+-----------------------

Comment (by nacin):

 Things get concatenated anyway in the admin, so I have little objection to
 keeping them separate. The benefit of keeping zxcvbn-async.js separate is
 that, as it is an external library, others can use it. And the library is
 realistically big enough to require async uploading for all usage.

 If we want everyone to use our password-strength-meter.js file, then we
 should move it out of wp-admin. That said, it seems pretty specific to
 *our* meter, which may not be the only use case of zxcvbn. It would also
 be nice to just keep the separation from our code and their code — though
 the async script is indeed tiny, and also modified by us for the script
 location. I don't have a strong preference either way.

--
Ticket URL: <http://core.trac.wordpress.org/ticket/21737#comment:34>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list