Page MenuHomePhorge
Files F549589

PhabricatorCommonPasswords.php
No OneTemporary
Actions

Size
1 KB
Referenced Files
None
Subscribers
None

PhabricatorCommonPasswords.php
View Options

<?php
/**
* Check if a password is extremely common. Preventing use of the most common
* passwords is an attempt to mitigate slow botnet attacks against an entire
* userbase. See T4143 for discussion.
*
* @task common Checking Common Passwords
*/
final class PhabricatorCommonPasswords extends Phobject {
/* -( Checking Common Passwords )------------------------------------------ */
/**
* Check if a password is extremely common.
*
* @param string $password Password to test.
* @return bool True if the password is pathologically weak.
*
* @task common
*/
public static function isCommonPassword($password) {
static $list;
if ($list === null) {
$list = self::loadWordlist();
}
return isset($list[strtolower($password)]);
}
/**
* Load the common password wordlist.
*
* @return map<string, bool> Map of common passwords.
*
* @task common
*/
private static function loadWordlist() {
$root = dirname(phutil_get_library_root('phabricator'));
$file = $root.'/externals/wordlist/password.lst';
$data = Filesystem::readFile($file);
$words = phutil_split_lines($data, $retain_endings = false);
$map = array();
foreach ($words as $key => $word) {
// The wordlist file has some comments at the top, strip those out.
if (preg_match('/^#!comment:/', $word)) {
continue;
}
$map[strtolower($word)] = true;
}
// Add in some application-specific passwords.
$map += array(
'phabricator' => true,
'phab' => true,
'devtools' => true,
'differential' => true,
'codereview' => true,
'review' => true,
);
return $map;
}
}

File Metadata

Mime Type
text/x-php
Expires
Mon, May 12, 2:13 PM (2 d)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
122093
Default Alt Text
PhabricatorCommonPasswords.php (1 KB)

Event Timeline