Accept only defined character set as passwords

You can set alternative list of characters or the default (A-Z, a-z, 0-9) one on System Settings > Virtualmin > Defaults for new domains > Characters for random passwords field. And it works like a charm when creating new virtual servers provided users let the system generate passwords automatically.

However, the problem is that users can enter any characters when creating a new website or can to to Edit page later and change it, often time using special characters like ~|),. which then breaks their applications or password sync algorithms. Please make the password set and change form in Edit page consistent with the password set defined on Virtualmin configuration page and deny passwords which use non-defined characters during validation.

Status: 
Closed (works as designed)

Comments

Assigned: Unassigned ยป
Joe's picture
Submitted by Joe on Wed, 10/31/2018 - 19:42 Pro Licensee

What breaks, specifically? I would think weird passwords would be a good thing!

You're right as we have fixed our script by properly escaping special characters. Please just note that the above mention setting could give impressions to users that they are defining character set for password fields to accept whereas it's only for generating passwords when creating new domains.

It's a bit obscure, but you can control the allowed characters for passwords at Webmin -> System -> Users and Groups -> Module Config.