Suggestion: when adding new users, unless it is overwritten, generate and assign a strong 16 (or more) character random password #4311
Comments
@Wikinaut How will that generated password be transmitted to the user - displayed to the admin?
Yes, like in MediaWiki: when you have the permission to create accounts (e.g. as an admin), you de facto trigger what I call a "password reset sequence" for the new user (it's not a "reset"; read "create", but it has the same function). In other words: during account creation in ownCloud
In MediaWiki, as Admin you have a checkbox so that you can see the generated token (= initial password for the new user). In short: look at what MediaWiki is doing.
The default action should be that when a new account is created by ownCloud admin, a cryptographically strong random password is generated and sent to the new account owner. Then - after an account e-mail confirmation cycle - the user is allowed to add further personal data (not earlier!).
@MTRichards something for the road map?
Yes! As long as somehow notifies the user of the password. :)
MTRichards wrote
OC can send the mail. It is the same code as for "I forgot my password". Check MediaWiki, where we have implemented all these things in a safe and secure and code-reviewed and security-audited way. No way to re-invent the wheel. My message: copy what MediaWiki already has built-in and proved to be working.
If it's that easy: pull requests are always welcome 😉
I didn't find this post in the first place that's why I created a new request: #17398
Suggestion: when adding new users assign a strong 16 (or more) character random password which can be overwritten by admin when creating the user account.
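The behaviour requested in this issue, sketched as an added example (this is not ownCloud or MediaWiki code): a 16-character password is drawn from the OS CSPRNG unless the admin supplies one, and only its hash is stored. The function names, the record layout and the 57-character alphabet are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; names are not taken from ownCloud.
const INITIAL_PASSWORD_MIN_LENGTH = 16;
// 57 symbols with look-alikes (0/O, 1/l/I) removed so a mailed or displayed
// password can be retyped: about 5.8 bits per character, ~93 bits at length 16.
const INITIAL_PASSWORD_ALPHABET =
    'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';

function generateInitialPassword(int $length = INITIAL_PASSWORD_MIN_LENGTH): string
{
    if ($length < INITIAL_PASSWORD_MIN_LENGTH) {
        throw new InvalidArgumentException('initial password must be at least 16 characters');
    }
    $max = strlen(INITIAL_PASSWORD_ALPHABET) - 1;
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() uses the OS CSPRNG and is uniform over the range,
        // unlike rand()/mt_rand() or a modulo over raw random bytes.
        $password .= INITIAL_PASSWORD_ALPHABET[random_int(0, $max)];
    }
    return $password;
}

/**
 * Build the record to store for a new account.
 * A null or empty $adminPassword means "not overwritten": generate one.
 * The clear-text value is returned once for delivery and is never stored.
 */
function createUser(string $uid, ?string $adminPassword = null): array
{
    $generated = ($adminPassword === null || $adminPassword === '');
    $password  = $generated ? generateInitialPassword() : $adminPassword;

    return [
        'record' => [
            'uid'                => $uid,
            'password_hash'      => password_hash($password, PASSWORD_DEFAULT),
            'password_generated' => $generated,
        ],
        // Only a generated password needs to reach the user (mail or admin display).
        'initial_password' => $generated ? $password : null,
    ];
}

// Constructed sample input.
$new = createUser('alice');
echo strlen($new['initial_password']), "\n";
var_dump(password_verify($new['initial_password'], $new['record']['password_hash']));
```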