+- webERP Forum (http://www.weberp.org/forum)
+-- Forum: webERP Discussion (http://www.weberp.org/forum/forumdisplay.php?fid=1)
+--- Forum: Development Discussion & Specification (http://www.weberp.org/forum/forumdisplay.php?fid=10)
+--- Thread: Password Expiration (/showthread.php?tid=2724)
Password Expiration - agaluski - 03-12-2016
I have added some new feature in my branch. 2 new parameters are added to the system
1) Password change days. Default value is 0. If 0, no password expiration check. If positive, passwords must be changed every N days
2) Password Length, default 5 to keep current behavior. Allows long. If set then password changes MUST be at least N characters long.
A new check is done in UserSettings.php to ensure new password entered is not the same as current password (in future will prevent re-use - new param)
Every page checks password expiration and if password is expired redirects to UserSettings.php with a message that password must be changed.
Since I am a few versions behind I can't just check in the code to the project (Biggest difference is $db parm - I still have it).
I can contribute it if anybody else wants the code or wants to merge it with main project. Just contact me directly.
I am currently doing some final testing
Caveat - uses date_diff, php 5.3 required for that to work.
RE: Password Expiration - TimSchofield - 03-12-2016
I have had customers requesting password expiration but personally i don't like it. I feel it encourages simple passwords. For instance i have a 14 chracter password containing mixed case letters numbers and symbols which i can type in but even somebody watching me would have great trouble memorising. However if I had to change it frequently i would have to choose something much simpler as i would have problems with my aging memory.
Just my 2 cents
Tim
RE: Password Expiration - agaluski - 03-12-2016
Sometimes it is required based on industry, customers etc
RE: Password Expiration - phil - 03-14-2016
I think its a good idea - to have it as an option