More secure generated passwords?
Hi,
Is there any reason the password generator only uses a-z 0-9? (/js/pages/add_user.js). I tweaked mine to be 15 chars long, AND include !@$%^*_-/ as well:
Code:
randomString = function() {
    // Alphabet: digits, upper case, lower case and the added special characters
    // (the Y and j missing from the stock string are restored, the doubled T removed)
    var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!@$%^*_-/';
    var string_length = 15;
    var randomstring = '';
    for (var i = 0; i < string_length; i++) {
        // Pick one position in the alphabet per output character
        var rnum = Math.floor(Math.random() * chars.length);
        randomstring += chars.charAt(rnum);
    }
    // Write the result into the password field of the add-user form
    document.v_add_user.v_password.value = randomstring;
}
I don't like passwords where they don't have special characters, as it makes it that little bit easier for hackers to guess the password ;)
Cheers
Andy
Re: More secure generated passwords?
Thanks a lot for this tip youradds!
Indeed, I absolutely agree with you: at least a couple of special chars and, IMHO, a 16 chars password should be the minimum!
Anyway, if you wish to improve the randomString functions on all pages (add/edit user, mail account, DB, FTP), here's my quick how-to:
1) go to the '/usr/local/vesta/web/js/pages' directory;
2) make a full backup of this folder (just in case);
3) issue the following command to add special chars in the list ('chars' var - O_o looks like VestaCP's alphabet has some typos!):
Code:
sed -i 's/0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz/0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!@$%^*_-\//g' *.js
4) issue the following command to increase password length ('string_length' var):
Code:
sed -i 's/var string_length = 10/var string_length = 16/g' *.js
5) restart vesta service (I'm not sure this is needed...).
Don't forget to clear your browser's cache!
Have fun!
AC
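The generator in this thread draws from Math.random(), which is not a cryptographically secure source, and the stock alphabet has the typos noted above. The block below is an added example, not code from the thread or from VestaCP: it picks characters with the Web Crypto getRandomValues() call using rejection sampling, and checks an alphabet for duplicated or missing characters. The names securePassword, randomIndex and alphabetDefects are hypothetical.

```javascript
// Added example: CSPRNG-backed variant of the thread's randomString().
// Uses browser Web Crypto, with a Node fallback so it also runs outside a browser.
const webCrypto = globalThis.crypto ||
  (typeof require === 'function' ? require('crypto').webcrypto : null);

const DIGIT = '0123456789';
const UPPER = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
const LOWER = 'abcdefghijklmnopqrstuvwxyz';
const SPECIAL = '!@$%^*_-/';                    // special characters proposed in the thread
const CHARS = DIGIT + UPPER + LOWER + SPECIAL;  // 71 symbols

// Uniform integer in [0, n) for n <= 256. Bytes at or above the largest
// multiple of n are discarded, so `byte % n` carries no modulo bias.
function randomIndex(n) {
  const limit = 256 - (256 % n);
  const buf = new Uint8Array(1);
  do {
    webCrypto.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % n;
}

function securePassword(length = 16, chars = CHARS) {
  if (chars.length < 2 || chars.length > 256) {
    throw new RangeError('alphabet size must be 2..256');
  }
  let out = '';
  for (let i = 0; i < length; i++) out += chars[randomIndex(chars.length)];
  return out;
}

// Report duplicated or missing characters in an alphabet string, such as
// the stock one matched by the sed pattern ('...XTZ', '...ghikl...').
function alphabetDefects(chars, expected = DIGIT + UPPER + LOWER) {
  const seen = new Set();
  const duplicated = [];
  for (const c of chars) {
    if (seen.has(c)) duplicated.push(c);
    seen.add(c);
  }
  const missing = [...expected].filter((c) => !seen.has(c));
  return { duplicated, missing };
}

// Assumed wiring for the form field used in the thread's code:
// document.v_add_user.v_password.value = securePassword(16);
```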
Re: More secure generated passwords?
Good idea to do it that way :) For a simpler method, create a file on your server called fix-passwords.sh, with the following code:
Code:
# Back up the pages directory first (-r is needed to copy a directory)
cp -r /usr/local/vesta/web/js/pages /usr/local/vesta/web/js/pages-bak
# Stop if the directory is missing, so sed never runs somewhere else
cd /usr/local/vesta/web/js/pages || exit 1
# Add special chars to the alphabet (also restores the missing Y and j)
sed -i 's/0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz/0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!@$%^*_-\//g' *.js
# Raise the generated password length from 10 to 16
sed -i 's/var string_length = 10/var string_length = 16/g' *.js
Then run from SSH with:
Code:
sh fix-passwords.sh
It'll do all the magic for you then (including the backup of that directory)
Cheers
Andy
Re: More secure generated passwords?
Yeah, great!
Thanks again!
VestaCP rulez!