Check on users having the same password
In addition to the blacklisted passwords test it could be helpful to check on users having the same password resp. md5 hash. I guess we can agree on these passwords being too weak in most cases as well but not being covered by the blacklist tests.
#4 Updated by Tomas Norre Mikkelsen over 6 years ago
Is the task only for plain-text and md5 passwords? Or also for RSA-passwords?
RSA-passwords are not alike even though they are the same =)
Above is the same password =) but for different users. =)
RSA is, as I understand it, a crypt-sum of various parameters for the db-user, so they will never be alike in the db-field.
Please confirm what the task contains, so that the best possible result is made in the first version ;)
#7 Updated by Tomas Norre Mikkelsen over 6 years ago
Now the patch is ready for review =)
I'm not sure if there is a service/function for the SQL-part. I thought about the getRecord function, but it only returns the first element reached, so this was not an option.
So actually, as the test is before this patch, if two users have the same password, only one of the users will be "careless_user", so this patch is needed.
Perhaps this could be made smarter, but then let me know. I'm here to help and I want to learn too ;)
PS: The patch doesn't have a changed text in the status message, but this could easily be done when the concept/method is right =)
#8 Updated by Tobias Liebig over 6 years ago
From reading the patch, I think this won't work if your Caretaker and your Caretaker Instance are NOT the same system.
The ...TestService is what is executed in central caretaker. It executes remote "operations" (executeRemoteOperations). Multiple operations are packed into one "command". This command will be sent over an openssl secured channel to the remote caretaker instance. Each operation in this command is then executed on the remote side and their "results" come back to the central caretaker. The TestService then can check the commandResult, which contains the results of remote executed operations, and decides based on these results if the Test should fail or pass.
Your patch will execute the SQL on the central caretaker side, instead of the remote side, which is probably not what you want to do.
#10 Updated by Tomas Norre Mikkelsen over 6 years ago
Thank you for your feedback.
I might have misunderstood the concept then, I thought that the caretaker_instance at server and client should be the same version. My test shows that this works if client and server version of caretaker_instance is the same. But I will look into the solution again with the new knowledge =)
I can make a new test, but thought they should be together thus they are related.
Besides, did you see my note on Blacklisted password, that if two users have the same blacklisted password, only the first match will result in an error?
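
Added example, not part of the thread or of the caretaker code: a duplicate check over unsalted MD5 hashes that reports every account sharing a hash rather than only the first match, and lists salted hashes separately because equal passwords produce different stored values there. The `users` table, its columns, the sample rows and the leading-`$` test for salted formats are assumptions made for this sketch.

```python
import hashlib
import sqlite3


def md5_hex(password):
    """Unsalted MD5 hex digest, the legacy storage format discussed in the thread."""
    return hashlib.md5(password.encode()).hexdigest()


# Constructed sample rows (username, stored password value); not real data.
SAMPLE_USERS = [
    ("alice", md5_hex("summer2012")),
    ("bob", md5_hex("summer2012")),
    ("carol", md5_hex("summer2012")),
    ("dave", md5_hex("another-one")),
    # Constructed placeholders standing in for salted hashes of one password.
    ("erin", "$1$Qx7aB2cd$constructed-salted-value-A"),
    ("frank", "$1$Zk9mN4pq$constructed-salted-value-B"),
]


def find_shared_hashes(rows):
    """Return (shared, unchecked).

    shared maps each hash used by more than one account to ALL of its users.
    unchecked lists accounts whose stored value looks salted (assumed here to
    start with '$'); equality comparison says nothing about those.
    """
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", rows)
    unchecked = [name for (name,) in db.execute(
        "SELECT username FROM users WHERE password LIKE '$%' ORDER BY username")]
    duplicated = db.execute(
        "SELECT password FROM users WHERE password NOT LIKE '$%' "
        "GROUP BY password HAVING COUNT(*) > 1").fetchall()
    shared = {}
    for (stored,) in duplicated:
        users = db.execute(
            "SELECT username FROM users WHERE password = ? ORDER BY username",
            (stored,))
        shared[stored] = [name for (name,) in users]
    db.close()
    return shared, unchecked


if __name__ == "__main__":
    shared, unchecked = find_shared_hashes(SAMPLE_USERS)
    for stored, users in shared.items():
        print("shared hash", stored, "->", ", ".join(users))
    print("salted, not comparable by equality:", ", ".join(unchecked))
```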