Data::Transpose::PasswordPolicy - Perl extension to enforce password policy
use Data::Transpose::PasswordPolicy; my %credentials = (username => "marco", password => "My.very.very.5strong.pzwd" ); my $pv = Data::Transpose::PasswordPolicy->new(\%credentials) if (my $password = $pv->is_valid) { print "$password is OK"; } else { die $pv->error }
This module enforces the password policy, doing a number of checking. The author reccomends to use passphrases instead of password, using some special character (like punctuation) as separator, with 4-5 words in mixed case and with numbers as a good measure.
You can add the policy to the constructor, where minlength is the minimum password length, maxlength is the maximum password and mindiffchars is the minimum number of different characters in the password. Read below for patternlength
minlength
maxlength
mindiffchars
patternlength
By default all checkings are enabled. If you want to configure the policy, pass an hashref assigning to the disabled checking a true value. This will leave only the length checks in place, which you can tweak with the accessors. For example:
my %validate = ( username => "marco", password => "ciao", minlength => 10, maxlength => 50, patternlength => 4, mindiffchars => 5, disabled => { digits => 1, mixed => 1, } my $pv = Data::Transpose::PasswordPolicy->new(\%validate) $pv->is_valid ? "OK" : "not OK";
See below for the list of the available checkings.
Please note: the purpose of this module is not to try to crack the password provided, but to set a policy for the passwords, which should have some minimum standards, and could be used on web services to stop users to set trivial password (without keeping the server busy for seconds while we check it). Nothing more.
Create a new Data::Transpose::PasswordPolicy object using the credentials provided as hashref.
Set and return the new password. If no argument is provided, returns the current. It will strip leading and trailing spaces.
Set and return the new username. If no argument is provided, returns the current. It will strip leading and trailing spaces.
It returns the length of the password;
Returns the minimum length required. If a numeric argument is provided, set that limit. Defaults to 255;
As above, but for the maximum. Defaults to 12;
As above, but set the minimum of different characters (to avoid things like 00000000000000000ciao00000000000.
Defaults to 6;
As above, but set the length of the common patterns we will search in the password, like "abcd", or "1234", or "asdf". By default it's 3, so a password which merely contains "abc" will be discarded.
This option can also be set in the constructor.
All the following methods operate on $obj->password and return the message of the error if something if not OK, while returning false if nothing suspicious was found.
Check if the password is in the range of permitted lengths.
Check if the password contains the username, even if obfuscated.
Disable keyword: username
username
Check if the password contains, even obfuscated, common password like "password" et similia.
Disable keyword: common
common
Check if the password has enough different characters.
Disable keyword: varchars
varchars
Check if the password has mixed cases
Disable keyword: mixed
mixed
Check if the password has non-word characters
Disable keyword: specials
specials
Check if the password has digits
Disable keyword: digits
digits
Check if the password has letters
Disable keyword: letters
letters
Check if the password contains usual patterns like 12345, abcd, or asdf (like in the qwerty keyboard).
Disable keyword: patterns
patterns
Return the password if matches the policy or a false value if not.
For convenience, this method can accept the password to validate as argument, which will overwrite the one provided with the password method (if it was set).
password
With argument, set the error. Without, return the errors found in the password.
In list context, we pass the array with the error codes and the strings. In scalar context, we return the concatenated error strings.
Inherited from Data::Transpose::Validator::Base;
Return a list of the error codes found in the password. The error codes match the options. (e.g. mixed, patterns).
If you want the verbose string, you need the error method.
error
Clear the object from previous errors, in case you want to reuse it.
Disable the checking(s) passed as list of strings.
Same as above, but enable the checking
Return true if the checking is disable.
None by default.
http://xkcd.com/936/
Marco Pessotto, <melmothx@gmail.com>
Copyright (C) 2013 by Marco Pessotto
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.16.2 or, at your option, any later version of Perl 5 you may have available.
To install Data::Transpose, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Data::Transpose
CPAN shell
perl -MCPAN -e shell install Data::Transpose
For more information on module installation, please visit the detailed CPAN module installation guide.