Password Complexity in Omeka


#1

Is there a plugin for Omeka to protect against BRUTE FORCE attacks? If not, how can I provide security to my Omeka site?
Is there a way to implement password complexity in Omeka for users that attempt to log in?

I saw that there is a parameter for setting the length of a password (min and max), but is there a way to make sure the password fits these criteria:

  • doesn’t contain the username
  • contains at least one lowercase, one uppercase, one digit and a special character (comma, period, exclamation mark, etc.)

Also, is there a way to deactivate the account after X unsuccessful password entries?

If this doesn’t exist, how would you implement it?

Any help on this would be greatly appreciated.


#2

Hi

I’d like to repost these questions as I have the same needs. The password requirements are so weak, and we’d like to integrate with Active Directory. Any thoughts?


#3

I built a module for that on Omeka S (https://github.com/Daniel-KM/Omeka-S-module-Lockout), but I didn’t backport it to Omeka Classic. It doesn’t check the quality of the password (it’s the responsibility of the user), but avoids brute force attacks.
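
Added example, not from any poster in this thread and not Omeka or Lockout module code: a standalone PHP sketch of the two checks asked about in #1, the password criteria and a lock after X failed attempts. The function names, the policy constants and the in-memory `$state` array are hypothetical, the mbstring extension is assumed, and nothing here is wired into Omeka's user form or login flow.

```php
<?php
// Hypothetical policy values; the thread gives no numbers.
const MIN_LENGTH = 12;
const MAX_FAILURES = 5;    // the "X" from the first post
const LOCK_SECONDS = 900;  // timed lock instead of permanent deactivation (assumption)

// Returns the list of policy violations; an empty array means the password passes.
function passwordViolations(string $username, string $password): array
{
    $errors = [];
    if (mb_strlen($password) < MIN_LENGTH) {
        $errors[] = 'too short';
    }
    // Case-insensitive match; an empty username is skipped.
    if ($username !== '' && mb_stripos($password, $username) !== false) {
        $errors[] = 'contains username';
    }
    $classes = [
        'lowercase' => '/\p{Ll}/u',
        'uppercase' => '/\p{Lu}/u',
        'digit'     => '/\p{Nd}/u',
        'special'   => '/[^\p{L}\p{N}\s]/u',
    ];
    foreach ($classes as $name => $pattern) {
        if (preg_match($pattern, $password) !== 1) {
            $errors[] = "missing $name";
        }
    }
    return $errors;
}

// Updates $state (username => failures/lockedUntil) and returns whether login may proceed.
function recordLogin(array &$state, string $username, bool $success, int $now): bool
{
    $entry = $state[$username] ?? ['failures' => 0, 'lockedUntil' => 0];
    if ($now < $entry['lockedUntil']) {
        return false; // locked: reject even a correct password
    }
    if ($success) {
        unset($state[$username]);
        return true;
    }
    $entry['failures']++;
    if ($entry['failures'] >= MAX_FAILURES) {
        $entry = ['failures' => 0, 'lockedUntil' => $now + LOCK_SECONDS];
    }
    $state[$username] = $entry;
    return false;
}
```

In a real deployment the failure state would live in the database rather than an array, and `recordLogin` would be called with the result of the existing password verification.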