Security concerns with Members
Hey,
I was playing around with the RegisterMember snippet and I noticed a couple of things.
1. The minimum password length seems to be 4.
2. There are no complexity requirements at all - aaaa is a valid password?
3. There is no account lockout after x number of invalid passwords.
Would someone be able to point me in the right direction to where I could change this?
Ideally I'd also like to create password reset email functionality and member activation email functionality so member accounts must be activated by a link in an email. Would it be straightforward to add this in?
Thanks in advance!
You could make the amends within the web.config file. There are 2 membership providers (UmbracoMembershipProvider and UsersMembershipProvider). You can set the complexity and length of the password as in any other .NET application using this provider.
As for the email functionality, you could do this by creating your own surface controller to manage the interaction with logging into a members area. You could use this process to make any types of amends required. I would recommend looking at the existing controller to get an idea of what is required. We did something similar for a client of ours a few months back. It just takes a little time and code for it to be done. I am not aware of any inbuilt functionality.
Have not had the need to add the email validation with Umbraco Backoffice access - but that should ideally be managed via an Admin rather than a signup form.
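The web.config change described in the reply above, as an added example that is not part of the original thread. The attribute names are the standard ASP.NET membership provider settings; the values (10, 1, 5) and the `type` strings are assumptions based on a stock Umbraco 7 web.config, and whether the lockout setting is enforced depends on the Umbraco version in use.

```xml
<!-- Fragment of web.config, inside <system.web>. Added example with assumed values. -->
<membership defaultProvider="UmbracoMembershipProvider" userIsOnlineTimeWindow="15">
  <providers>
    <clear />

    <!-- Provider for site members.
         Weak settings matching the question:
           minRequiredPasswordLength="4"
           minRequiredNonalphanumericCharacters="0"
           (no maxInvalidPasswordAttempts set)
         Change only the three attributes below and leave every other
         attribute on this element exactly as it is in your own file. -->
    <add name="UmbracoMembershipProvider"
         type="Umbraco.Web.Security.Providers.MembersMembershipProvider, Umbraco"
         minRequiredPasswordLength="10"
         minRequiredNonalphanumericCharacters="1"
         maxInvalidPasswordAttempts="5"
         enablePasswordRetrieval="false"
         requiresQuestionAndAnswer="false"
         passwordFormat="Hashed"
         defaultMemberTypeAlias="Member" />

    <!-- Provider for backoffice users: apply the same three settings here
         so editor and admin accounts are not weaker than member accounts. -->
    <add name="UsersMembershipProvider"
         type="Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco"
         minRequiredPasswordLength="10"
         minRequiredNonalphanumericCharacters="1"
         maxInvalidPasswordAttempts="5"
         enablePasswordRetrieval="false"
         requiresQuestionAndAnswer="false"
         passwordFormat="Hashed" />
  </providers>
</membership>
```

To check the change, register a test member with `aaaa` as the password and confirm the registration is rejected, then enter a wrong password more than five times and confirm the member is shown as locked out.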