Bug 1021123 - Password requirements
Password requirements
Product: JBoss Fuse Service Works 6
Classification: JBoss
Component: Installer (Show other bugs)
6.0.0 GA
Unspecified Unspecified
unspecified Severity high
: ER7
: 6.0.0
Assigned To: Thomas Hauser
Len DiMaggio
Depends On:
  Show dependency treegraph
Reported: 2013-10-19 12:04 EDT by Catherine Robson
Modified: 2014-02-06 10:28 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Password Requirements display suggested design (94.78 KB, image/png)
2013-10-19 12:04 EDT, Catherine Robson
no flags Details

  None (edit)
Description Catherine Robson 2013-10-19 12:04:30 EDT
Created attachment 814041 [details]
Password Requirements display suggested design

Description of problem:
Password requirements should be displayed consistently throughout the installer any time a password is required.  For FSW - this should be for the administration console password, the Governer console, the BPEL console, and the H2 Database.

Version-Release number of selected component (if applicable):

Expected results:
Design attached showing suggested styling for password requirements.
Comment 2 Thomas Hauser 2013-10-22 17:10:38 EDT
The password requirements are not the same across all passwords we request of the user:

The BPEL and Admin user passwords certainly have the same requirements. 

It is not possible (to me) to enforce any requirements upon the database password, since it will have been setup ahead of time (and outside of the installer)

The Governance Console password requirements are set to the same as BPEL and Admin, but I am not sure this is correct. It may have to change when the systems that use these passwords move to satisfying the security requirements (no plain-text passwords) but as of right now, the requirements enforced upon the Governance console password are artificial (manually changing the file to have the password be a single character, for instance, works)
Comment 3 Catherine Robson 2013-10-22 19:21:56 EDT

This is not about making all the password requirements the same.  The goal of this bug is to display the requirements the same way across the installer, regardless of what the requirements are.

So, on the EAP console username/password page that I put together, you can see the rounded rectangle alert box with the requirements listed.  I would like to see this rounded rectangle box on each of the pages that the user needs to enter a password into with text explaining what the requirements are for that particular password entry field (each of which might have different text based on that one's requirements).  This way, the user clearly understands what requirements the password must meet for the one they are currently entering without getting errors because we haven't told him upfront.

Does that make sense?
Comment 4 Thomas Hauser 2013-10-23 09:51:28 EDT

Oh yes, of course :) I was just mentioning the requirements because some of them may not be final yet; displaying the requirements (if any) in a standard way is a good goal.
Comment 5 Thomas Hauser 2013-11-05 10:05:23 EST
Password requirements are now separated into their own paragraph to improve readability.
Comment 6 Pavol Srna 2013-12-16 10:20:12 EST
Verified in ER7 build.

Note You need to log in before you can comment on or make changes to this bug.