Task #782 (new)
Opened 17 years ago
Last modified 9 years ago
Possibly add "expires" column to password table
Reported by: | jamoore | Owned by: | atarkowska |
---|---|---|---|
Priority: | minor | Milestone: | Unscheduled |
Component: | Security | Version: | 3.0-M1 |
Keywords: | n.a. | Cc: | atarkowska, cxallan |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | n.a. |
Sprint: | n.a. |
Description
Currently we have no way to measure when a password should be changed. It might make sense to add an "expires" date column to the password table.
Change History (5)
comment:1 Changed 17 years ago by jmoore
- Owner changed from jmoore to atarkowska
comment:2 Changed 17 years ago by atarkowska
New column to PASSWORD table as created - date format with default value CURRENT_DATE
To IAdmin: java.util.Date (or String) getUserPasswordCreatedDate(Long id);
To Omero.properties: expire.time = 90 (days)
To JbossLoginModule?: when protected String getUsersPassword() throws LoginException? makes a statement:
select p.hash as PASSWD, p.dn as DN, p.created as CREATED from experimenter e, password p where e.omename=? and e.id = p.experimenter_id
and checks password in DB (LDAP plugin will not contain this option or If Ldap has password expire date inside we can support it as well) gets rs.getDate(3).
If CREATED+expire.time < TodayDate? true
else false
To WEBADMIN:
On the users list we can icon for each of account where password expired. The same information on user details page
comment:3 Changed 16 years ago by atarkowska
- Milestone changed from 3.0-Beta3 to 3.0-Beta4
comment:4 Changed 15 years ago by atarkowska
- Milestone changed from OMERO-Beta4 to Future
comment:5 Changed 9 years ago by jamoore
Ola: is there anything you want to keep here?
Passing off to Ola who already has an implementation.