  • Null 4 posts 24 karma points
    May 28, 2015 @ 13:11

    Security concerns with Members


    I was playing around with the RegisterMember snippet and I noticed a couple of things.

    1. The minimum password length seems to be 4.

    2. There are no complexity requirements at all - aaaa is a valid password?

    3. There is no account lockout after x number of invalid passwords.

    Would someone be able to point me in the right direction to where I could change this?

    Ideally I'd also like to create password reset email functionality and member activation email functionality so member accounts must be activated by a link in an email. Would it be straightforward to add this in?

    Thanks in advance! 

  • Richard Eyres 98 posts 580 karma points
    May 29, 2015 @ 13:15

    You could make the amends within the web.config file. There are 2 membership providers (UmbracoMembershipProvider and UsersMembershipProvider). You can set the complexity and length of the password as in any other .NET application using this provider.

    As for the email functionality, you could do this by creating your own surface controller to manage the interaction with logging into a members area. You could use this process to make any types of amends required. I would recommend looking at the existing controller to get an idea of what is required. We did something similar for a client of ours a few months back. It just takes a little time and code for it to be done. I am not aware of any inbuilt functionality.

    Have not had the need to add the email validation with Umbraco Backoffice access - but that should ideally be managed via an Admin rather than a signup form.
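
The web.config change described in the reply above, as an added example that is not part of the original thread or Umbraco's shipped configuration. The attribute names are the standard ASP.NET membership provider settings; the values are constructed, the `type` string is an assumption for Umbraco 7, and whether the Umbraco provider enforces the lockout attributes should be confirmed by testing failed logins.

```xml
<!-- Added example: goes under <system.web> in web.config. Values are illustrative. -->
<membership>
  <providers>
    <!--
      Members provider (front-end site members), the one RegisterMember uses.
      Keep the type and any other attributes your existing entry already has;
      the type below is an assumption for Umbraco 7.

      minRequiredPasswordLength            raises the length-4 minimum from the question
      minRequiredNonalphanumericCharacters rejects passwords such as "aaaa"
      passwordStrengthRegularExpression    optional extra rule: at least one digit
                                           and one letter
      maxInvalidPasswordAttempts           failed logins allowed before lockout
      passwordAttemptWindow                minutes over which failures are counted
    -->
    <add name="UmbracoMembershipProvider"
         type="Umbraco.Web.Security.Providers.MembersMembershipProvider, Umbraco"
         minRequiredPasswordLength="12"
         minRequiredNonalphanumericCharacters="1"
         passwordStrengthRegularExpression="^(?=.*\d)(?=.*[A-Za-z]).+$"
         maxInvalidPasswordAttempts="5"
         passwordAttemptWindow="10"
         passwordFormat="Hashed"
         enablePasswordRetrieval="false" />
  </providers>
</membership>
```

After changing the file, register a test member with a short or all-letter password and confirm it is rejected, then enter a wrong password more than the configured number of times and confirm the account is locked.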
