Suggestion: when adding new users, unless it is overwritten, generate and assign a strong 16 (or more) character random password #4311
Comments
|
@Wikinaut How will that generated password be transmitted to the user - displayed to the admin? |
Yes, like in MediaWiki: when you have the permission to create accounts (e.g. as an admin), you de-facto trigger what I call "passwort reset sequence" for the new user: (it's not a "reset". Read "create", but has the some function.) In other words: during account creation in ownCloud
In MediaWiki, as Admin you have a checkbox so that you can see the generated token (= initial password for the new user). In short: look, what MediaWiki is doing. |
|
The default action should be that when a new account is created by ownCloud admin, a cryptographically strong random password is generated and sent to the new account owner. Then - after an account e-mail confirmation cycle - the user is allowed to add further personal data (not earlier!). |
|
@MTRichards something for the road map? |
|
Yes! As long as somehow notifies the user of the password. :) |
|
MTRichards wrote
OC can send the mail. It is the same code as for "I forgot my password". Check MediaWiki, where we have implemented all these things in a safe and secure and code-reviewed and security-audited way. No way to re-invent the wheel. My message: copy what MediaWiki already has built-in and proved to be working. |
If it's that easy: pull requests are always welcome 😉 |
|
I didn't find this post in the first place that's why I created a new request: #17398 |
Suggestion: when adding new users assign a strong 16 (or more) character random password which can be overwritten by admin when creating the user account.
The text was updated successfully, but these errors were encountered: