review password policy

We should decide if we want the public API to enforce any particular policy regarding password security (e.g., minimum length, characters used, etc.).  I have no particular opinion on this but it seems like something we should decide explicitly before MVP.

References:
https://github.com/oxidecomputer/omicron/blob/9d1bd5539225b6a225ba3655ceab852c71baa04a/nexus/types/src/external_api/params.rs#L223-L225
https://github.com/oxidecomputer/omicron/blob/9d1bd5539225b6a225ba3655ceab852c71baa04a/nexus/types/src/external_api/params.rs#L252-L253

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

review password policy #2307

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

	// TODO-security If we want to apply password policy rules, this seems
	// like the place. We presumably want to also document them in the
	// OpenAPI schema below.

	// TODO-doc If we apply password strength rules, they should
	// presumably be documented here.

review password policy #2307

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions