Uploaded image for project: 'Service Packs and Hot Fixes'
  1. Service Packs and Hot Fixes
  2. MNT-16673

Setting minimum password length for Share has no effect


    • Bug Priority:
      Category 3
    • ACT Numbers:

      00695003, 00964038

    • Sprint:
    • Work Funnel End:
    • Story Points:


      Updating the share-config-custom.xml with the username and password configuration defined in the documentation (http://docs.alfresco.com/5.1/tasks/share-change-password.html) does not appear to have any effect. After increasing the minimum password length, for example, a user can still be created with a shorter password, and existing users can set a shorter password.

      [Steps to reproduce]

      1. Copy the following from <ALFRESCO_HOME>/tomcat/webapps/share/WEB-INF/classes/alfresco/share-config.xml to <ALFRESCO_HOME>/tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml:

      <config evaluator="string-compare" condition="Users">
      <!-- minimum length for username and password -->
      <!-- This enables/disables the Add External Users Panel on the Add Users page. -->

      2. Set replace="true":

      <config evaluator="string-compare" condition="Users" replace="true">

      3. Update the password-min-length value to a higher value:


      4. Save the file, restart Alfresco if it was running.
      5. In Share, create a new user (UserA) with the password "password", which will be accepted despite being 8 characters (minimum should be 15).
      6. Login as UserA, and change password to "alfresco", which should be disallowed because it is also 8 characters. Note that the tool tip mentions the 3 character limit still (see min-password-tool-tip.png).

      [Expected Behaviour]
      Users should not be able to be created with a password shorter than <password-min-length>, and existing users should not be able to set a password shorter than <password-min-length>.

      [Observed Behaviour]
      The default <password-min-length> value of 3 characters is still being used despite changing the value according to the documentation.

      [Analysis to date]
      1. Customer business impact / priority / urgency: Low
      2. Ideal Fix Version: Future service pack





              • Assignee:
                closedbugs Closed Bugs (Inactive)
                dray Dwayne Ray
              • Votes:
                1 Vote for this issue
                9 Start watching this issue


                • Created:

                  Structure Helper Panel