Correction…
Downloads of source and binary distributions are listed in our download
> section:
>
> http://cassandra.apache.org/download/
>
The source and binary distributions are to be found here:
https://downloads.apache.org/cassandra/4.1-beta1/
(4.1 won't appear on our downloads page until
Jackson,
You make a good case for implementing a solution that works with existing
policies vs perhaps better but less common practices.
There was a OSS password complexity meter in the OWASP Enterprise Security
API (ESAPI) Java toolkit in ESAPI 2.x. It was a pass/fail meter testing
for complexi
I agree that any password change (or attempted change) would be very important
audit data that would need to be captured, I don’t think that auditors would
necessarily need to know the reason for rejection for a validator? Maybe I’ve
just worked within less strict auditing requirements though.
Password Meter - This is an interesting use case, password meters work really
well when users are using a visual aid (like a website sign up page). I’d be
concerned by just limiting the complexity that we would require to a single
number, when a user attempts to create or update a password that’
