Red Hat Bugzilla – Bug 1021123
Last modified: 2014-02-06 10:28:30 EST
Created attachment 814041 [details]
Password Requirements display suggested design
Description of problem:
Password requirements should be displayed consistently throughout the installer any time a password is required. For FSW - this should be for the administration console password, the Governer console, the BPEL console, and the H2 Database.
Version-Release number of selected component (if applicable):
Design attached showing suggested styling for password requirements.
The password requirements are not the same across all passwords we request of the user:
The BPEL and Admin user passwords certainly have the same requirements.
It is not possible (to me) to enforce any requirements upon the database password, since it will have been setup ahead of time (and outside of the installer)
The Governance Console password requirements are set to the same as BPEL and Admin, but I am not sure this is correct. It may have to change when the systems that use these passwords move to satisfying the security requirements (no plain-text passwords) but as of right now, the requirements enforced upon the Governance console password are artificial (manually changing the file to have the password be a single character, for instance, works)
This is not about making all the password requirements the same. The goal of this bug is to display the requirements the same way across the installer, regardless of what the requirements are.
So, on the EAP console username/password page that I put together, you can see the rounded rectangle alert box with the requirements listed. I would like to see this rounded rectangle box on each of the pages that the user needs to enter a password into with text explaining what the requirements are for that particular password entry field (each of which might have different text based on that one's requirements). This way, the user clearly understands what requirements the password must meet for the one they are currently entering without getting errors because we haven't told him upfront.
Does that make sense?
Oh yes, of course :) I was just mentioning the requirements because some of them may not be final yet; displaying the requirements (if any) in a standard way is a good goal.
Password requirements are now separated into their own paragraph to improve readability.
Verified in ER7 build.