July 10, 2007
Customization that allows enforcing of password standards, such as:The password must be 6-8 characters in lengthThe password must contain numbers & alphabetic charactersThe password cannot start or end with a numericThe password cannot contain the login nameThe password cannot match any of the previous 13 passwordsetc.http://www.dovetailsoftware.com/download/connections2001/password.zipgschwartz replied to this with: Gary,Thank you for this post. In reading through the code, it appears that the users' previous passwords will be stored in cleartext in the custom database fields you added to table_user. Am I reading this correctly?I'd like to avoid this, perhaps by using stored procedures or global code subroutines with decryption/encryption algorithms. They would not have to be the same ones clarify uses. Then we can store the encrypted old passwords and compare against the decrypted query results.Any suggestions on where to find algorithms like this? Or alternative implementation suggestions?Thanks…
Enforce Password Standards
July 10, 2007
Customization that allows enforcing of password standards, such as:The password must be 6-8 characters in lengthThe password must contain numbers & alphabetic charactersThe password cannot start or end with a numericThe password cannot contain the login nameThe password cannot match any of the previous 13 passwordsetc.http://www.dovetailsoftware.com/download/connections2001/password.zipgschwartz replied to this with: Gary,Thank you for this post. In reading through the code, it appears that the users' previous passwords will be stored in cleartext in the custom database fields you added to table_user. Am I reading this correctly?I'd like to avoid this, perhaps by using stored procedures or global code subroutines with decryption/encryption algorithms. They would not have to be the same ones clarify uses. Then we can store the encrypted old passwords and compare against the decrypted query results.Any suggestions on where to find algorithms like this? Or alternative implementation suggestions?Thanks…