Perhaps it would be nice if you can plug in your own algorithm. Actually I'm thinking about using Google for password strength judgement. The only problem is that - as far as I know - you can contact the Google search just via HTTP, but this would be a nice way to get rid of simple passwords....
Jeff Howden
Ext JS - Support Team Volunteer jeff@extjs.com
Any and all code samples that are authored by me and posted on the Ext forums or website are hereby released into the public domain and I release anyone or entity of liability by using said code samples unless explicitly stated otherwise.
Opinions are mine and not necessarily endorsed by Ext, LLC. Please do not contact me directly for assistance unless requested by me.
I'm not talking about using the Google JavaScript files for password strength but the simple web search, so that a password with fewer hits is much better than a password with many hits. The problem is that afaik the Google search doesn't support SSL.
That's a creative approach, but fewer hits probably isn't as indicative of a strong password as you might think. For example, mysuperstrongpassword returns no records, but is clearly not a strong password by any stretch of the imagination. Additionally, even if they did support SSL, queries are still sent via the query string rendering SSL useless:
There are dictionary webservices available. Even those aren't terribly helpful though as the algorithm needs to check possible strings within the password against word lists. A version I built by reverse engineering the MSN one does exactly that, but the word lists are hard-coded.
This example uses server-side logic to measure password strength and AJAX calls to query the server-side system.
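Added example, not part of the original thread and not the poster's MSN-derived code: one way to check substrings of a password against a word list, so that mysuperstrongpassword is rated weak even though a search for it returns no records. The word list, the 95-character alphabet, the bit costs and the rating thresholds are all assumptions made for this sketch.

```javascript
// Constructed sample word list (assumption); a real checker would load a large one.
const WORDS = ['my', 'super', 'strong', 'password', 'pass', 'word',
               'admin', 'secret', 'qwerty', 'letmein'];
const CHAR_BITS = Math.log2(95); // cost of one unexplained printable-ASCII character

// Cover the password with dictionary words and leftover characters so that the
// total guessing cost (in bits) is minimal, i.e. the cheapest way an attacker
// holding the same word list could describe it.
function analyze(password, words = WORDS) {
  const lower = password.toLowerCase();
  const n = lower.length;
  const wordBits = Math.log2(words.length);
  const cost = new Array(n + 1).fill(0); // cost[i]: cheapest cover of lower.slice(i)
  const pick = new Array(n).fill(null);  // pick[i]: word chosen at i, null for a raw char
  for (let i = n - 1; i >= 0; i--) {
    cost[i] = CHAR_BITS + cost[i + 1];   // default: character i is unexplained
    for (const w of words) {
      if (lower.startsWith(w, i) && wordBits + cost[i + w.length] < cost[i]) {
        cost[i] = wordBits + cost[i + w.length];
        pick[i] = w;
      }
    }
  }
  // Walk the chosen cover to report which words were found.
  const found = [];
  let leftover = 0;
  for (let i = 0; i < n; ) {
    if (pick[i]) { found.push(pick[i]); i += pick[i].length; }
    else { leftover++; i++; }
  }
  return { found, leftover, bits: cost[0], naiveBits: n * CHAR_BITS };
}

// Thresholds are illustrative assumptions, not a standard.
function rate(password) {
  const { bits } = analyze(password);
  return bits < 28 ? 'weak' : bits < 60 ? 'fair' : 'strong';
}
```

The `naiveBits` field shows what a length-only meter would report, which is the gap the word-list scan closes.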
Indeed, not completely useless. However, the password is exposed locally in the browser's cache/history. So, to those who don't want their password exposed, it's still a good idea to not send it over the wire in the query string, SSL or not.
Bottom line, if the data is sensitive, then POST and SSL in combination is the only option.