We had someone receive a randomly generated password that contained a word that some might consider offensive.
Is there a way to force a randomly generated password to regenerate if a specified list of words exists within the randomly generated password?
Is there any other way to avoid offensive words in a randomly generated password process?
We thought of ways to alter the standard genRandomPassword() function such as omitting the use of vowels (AEIOUaeiou).
However, we would prefer not to alter the standard Joomla installation.
Closed_By | alikon | ⇒ | joomla-cms-bot |
Status | New | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2019-10-09 06:21:54 |
Closed_By | ⇒ | alikon |
Set to "closed" on behalf of @alikon by The JTracker Application at issues.joomla.org/joomla-cms/26526
as pointed above, very low probability that this happens
I'd suggest closing as a won't fix. The entire point of a random byte generator is to generate a random series of bits of data, and the UserHelper::genRandomPassword() method converts that from a machine collection of data to a human parsable string. Something like bin2hex(random_bytes($length)) (which is a much simpler implementation of that method, but lacking in character range as bin2hex() doesn't give uppercase characters) does have a chance of occasionally putting 3 or 4 characters together that might equate to profanity or otherwise not family friendly words in any Latin character based language, but I would suggest the odds of this happening are so low that adding an offensive term check to anything that's generating random strings adds more overhead to the code without adding cognitive benefit.
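For the regenerate-on-match approach asked about in the original report, the following is an added example and not part of this thread or of Joomla: it wraps any password generator in a bounded retry loop so the core method stays untouched. The function names, the blocklist terms and the stand-in generator are all hypothetical; on a Joomla site the callable passed in is assumed to be UserHelper::genRandomPassword().

```php
<?php
// Added example, not Joomla code. All function names here are hypothetical.

/** Stand-in generator backed by the CSPRNG (random_int). */
function sampleGenerator(int $length): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $max = strlen($alphabet) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, $max)];
    }
    return $out;
}

/** True if any blocklisted term occurs in the candidate, ignoring case. */
function containsBlockedTerm(string $candidate, array $blocklist): bool
{
    foreach ($blocklist as $term) {
        // Skip empty terms: stripos() would match them at offset 0 every time.
        if ($term !== '' && stripos($candidate, $term) !== false) {
            return true;
        }
    }
    return false;
}

/** Regenerate until clean; attempts are bounded so an over-broad blocklist cannot loop forever. */
function generateCleanPassword(callable $generator, array $blocklist, int $length = 16, int $maxAttempts = 20): string
{
    for ($attempt = 0; $attempt < $maxAttempts; $attempt++) {
        $candidate = $generator($length);
        if (!containsBlockedTerm($candidate, $blocklist)) {
            return $candidate;
        }
    }
    throw new RuntimeException("No acceptable password after {$maxAttempts} attempts");
}

$blocklist = ['darn', 'heck']; // constructed placeholder terms
echo generateCleanPassword('sampleGenerator', $blocklist), PHP_EOL;

// Constructed deterministic generator: the first candidate is rejected, the second accepted.
$fixed = function (int $length): string {
    static $queue = ['xxDaRnxx12345678', 'Qk7vT2mZp9LwB4cR'];
    return array_shift($queue);
};
echo generateCleanPassword($fixed, $blocklist), PHP_EOL;
```

Rejecting the rare matching candidate removes only a negligible share of the output space, provided the blocklist holds a modest number of terms of three or more characters; very short terms match often and start to cost entropy and retries.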