Password Banned List


MadHatter

I've made a module for checking a password against a banned list. The list comes from the 10,000 most common passwords list, and when one of those passwords is input the module will produce an error informing the user that their password is in the list and a more secure password should be used. The module was based on a question I asked in the development section (over here).

The banned list is found in the module as banned.list so passwords can be added/removed as required.

The module should be in the Modules section once it has been approved.

PasswordBannedList.zip

  • Like 9

MadHatter, thanks for your submission to the modules directory. This seems like a very good and useful module so thanks for making it. In reviewing the module, I had one suggestion/request: Because this is an autoload module, and because your $this->bad array gets populated from your init(), your bad passwords file gets loaded into memory on every request. That's ~73 kb worth of bad passwords that are loaded every time ProcessWire runs, which is a significant amount of memory. Because your bad password list is only needed at certain times (i.e. after InputfieldPassword::processInput), I wanted to suggest moving the population of $this->bad from your init() method to your checkPass() method. Or maybe you don't even need to bother with having a $this->bad array, and could keep it all localized to your checkPass method, as InputfieldPassword::processInput is not likely to be called more than once in a request anyway (i.e. no need to cache it). 

  • Like 1

Hi Ryan,

Thanks for the information, I'll update the module in GitHub when I get the chance (switching computers at work today). Do I need to do anything special to update the Module listing (such as version number)?


Actually you don't need to do anything other than update your GitHub. The modules directory will pick up the new version automatically. However, it keeps a cache from GitHub so it may take up to half a day before it sees the changes. So if you don't want to wait for it you can always edit your module listing manually too.


  • 4 months later...

Password Banned List has been updated. You can now add your own banned.list file to the site/assets/PasswordBannedList/ directory. Each password should be written on a separate line, and this won't get overwritten when the module is updated.

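The deferred loading suggested in the review above, combined with the site-level list from the last post, as an added example in plain PHP that is not the module's own code: the list files are opened only inside the check and read line by line, so nothing is loaded on requests that never process a password. The function name, the temporary paths and the sample entries are constructed, and checking both the bundled and the site list is an assumption about how the two files combine.

```php
<?php
// Added example: not the module's code. Names, paths and entries are constructed.

/**
 * True if $password is a line in any of $listFiles. Files are opened only
 * when this is called and read line by line, so no list is kept in memory.
 */
function isBannedPassword(string $password, array $listFiles): bool
{
    if ($password === '') {
        return false; // empty input is left to the normal required-field check
    }
    foreach ($listFiles as $path) {
        if (!is_file($path) || !is_readable($path)) {
            continue; // a site without its own list is normal
        }
        $handle = fopen($path, 'rb');
        if ($handle === false) {
            continue;
        }
        try {
            while (($line = fgets($handle)) !== false) {
                // Strip LF and CRLF endings so lists edited on Windows still match.
                if (rtrim($line, "\r\n") === $password) {
                    return true;
                }
            }
        } finally {
            fclose($handle);
        }
    }
    return false;
}

// Constructed stand-ins for the bundled list and the site-level list.
$dir = sys_get_temp_dir() . '/pbl-example-' . getmypid();
mkdir($dir . '/site', 0700, true);
file_put_contents($dir . '/banned.list', "123456\npassword\nqwerty\n");
file_put_contents($dir . '/site/banned.list', "companyname2024\r\n");
$lists = [$dir . '/banned.list', $dir . '/site/banned.list'];

foreach (['password', 'companyname2024', 'correct horse battery staple'] as $candidate) {
    $verdict = isBannedPassword($candidate, $lists) ? 'rejected' : 'accepted';
    echo $candidate, ': ', $verdict, PHP_EOL;
}
```

In a ProcessWire module, a check like this would be called from the hook that runs after InputfieldPassword::processInput, which is the only point the thread says the list is needed.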
