Enforce Password Standards
Customization that allows enforcing of password standards, such as:
The password must be 6-8 characters in length
The password must contain numbers & alphabetic characters
The password cannot start or end with a numeric
The password cannot contain the login name
The password cannot match any of the previous 13 passwords
etc.
http://www.dovetailsoftware.com/download/connections2001/password.zip
gschwartz replied to this with:
Gary,
Thank
you for this post. In reading through the code, it appears that the
users’ previous passwords will be stored in cleartext in the custom
database fields you added to table_user. Am I reading this correctly?
I’d
like to avoid this, perhaps by using stored procedures or global code
subroutines with decryption/encryption algorithms. They would not have
to be the same ones clarify uses. Then we can store the encrypted old
passwords and compare against the decrypted query results.
Any suggestions on where to find algorithms like this? Or alternative implementation suggestions?
Thanks for your input,
Greg
My reply to Greg:
Greg,
Yes,
that is correct. The customer I originally wrote this for didn’t care
that they were in clear text, as these were “old” passwords, and users
didn’t have any direct SQL access to the database anyway.
Using
an encryption/decryption algorithm would be a pretty easy change to
make. You could write your own in CB, use something simple like ROT-13,
or make a call to a Java or COM object to do the encryption and compare.
You can even use built in SQL functions to do it. Here’s an example for SQL Server:
http://www.sqlmag.com/Articles/Index.cfm?ArticleID=9809
SQL Server’s Undocumented Password Encryption Functions
Just do a web search and you’ll find a lot of examples and free code for doing encryption.
Hope this helps.
-Gary
Gary Sherman
Dovetail Software
gary@dovetailsoftware.com
512-418-2905 x105
www.dovetailsoftware.com
