PHP download

Download the PHP package derhansen/pwd_security_check without Composer

On this page you can find all versions of the php package derhansen/pwd_security_check. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download derhansen/pwd_security_check
More information about derhansen/pwd_security_check
Files in derhansen/pwd_security_check

Vendor derhansen
Package pwd_security_check
Short Description TYPO3 Extension with a Symfony Console Command to check TYPO3 Backend and Frontend user passwords against a list of popular passwords.
License GPL-2.0-or-later
Homepage https://github.com/derhansen/pwd_security_check

Keywords TYPO3 CMS password security popular passwords

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Informations about the package pwd_security_check

Password Security Check for TYPO3

What is it?

Since it is not possible out-of-the-box in TYPO3 to define password complexity rules of Backend and Frontend users, some users may choose very easy passwords for their user accounts. Especially for TYPO3 Backend Admin accounts, this can be dangerous, since it will be easier for attackers using brute force techniques to get access to the TYPO3 backend in this case.

This extension can help to get an overview or to get notified about TYPO3 Backend or Frontend users, who use a password that is found in a given list of popular passwords. The extension ships with a list of 10.000 most popular passwords used, but you can also use your own list (e.g. list with top passwords in local language).

Screenshots

Console Command

TYPO3 Report

Installation

Installation using Composer

The recommended way to install the extension is by using Composer. In your Composer based TYPO3 project root, just do composer require derhansen/pwd_security_check.

Installation as extension from TYPO3 Extension Repository (TER)

Download and install the extension with the TYPO3 extension manager module.

Usage

Please note, that the check can take a lot of time to finish. This depends primary on the amount of users and the amount of passwords to check.

CLI Arguments and Options

Command: bin/typo3 pwd_security_check:process

Get Help: bin/typo3 help pwd_security_check:process

Command arguments:

mode Mode (0 = Backend Admin Users, 1 = Backend Users, 2 = Frontend Users)
recipients E-Mail addresses to receive notification separated by space.

Command options:

-a Amount of passwords to check from passwords file. Warning: Higher value = longer check. [default: 100]
-f Absolute path to password file (EXT: notation allowed) [default: "EXT:pwd_security_check/Resources/Private/Text/popular_passwords.txt"]

TYPO3 Scheduler Support

The Symfony Command can also be executed using the TYPO3 scheduler. Note, that arguments can only be configured in TYPO3 9.5 and that options are currently not configurable using the TYPO3 scheduler.

FAQ

Is this a hacker tool?

No, at least it is not meant to be one. Therefore matched passwords are not displayed. Also, it is not very worthwhile to use this tool and try to bruteforce crack a TYPO3 account password, as it does not support parallel checks and the task may take hours/days/weeks/years.

Feedback and updates

The extension is hosted on GitHub. Please report feedback, bugs and changerequests directly at https://github.com/derhansen/pwd_security_check

Credits

Password file

The included file with top 10.000 popular passwords has been downloaded from https://github.com/danielmiessler/SecLists

All versions of pwd_security_check with dependencies

PHP Build Version

Package Version

Version 4.0.0 Release 15. May 2023
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of pwd_security_check from vendor derhansen

Requires typo3/cms-core Version ^12.4

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package derhansen/pwd_security_check contains the following files

Loading the files please wait ....