Eric:

To get what you have outlined (and much more) you just build your own within 
4D. We had to have a very modern password system in our software since before 
2000.

We have built our new shell with all of the password control in it. The nice 
thing is that the System Administrator gets to set how strict all of these items 
are, and which ones are activated. Therefore this permits a small company that 
decides they do not care about it, to have a very simple password system. They 
can then choose to ratchet up the complexity as they need it.

We also implemented that the Administrator can decide if they want to E-Mail 
various alerts. That way you can know that someone is having trouble getting 
logged in, or that their account was locked out after too many attempts. The 
E-Mailing has very many options as well.

All of this information is also saved to logs. Our experience is that system 
Admins ignore most things. When there is trouble, then they can go back into 
the logs and gather all the information they need.

We also let the administrator click on a button that then passes the login 
control to LDAP.

So hopefully you can see that you can roll a very sophisticated system. I did 
not describe all the features by a long shot, but it gives you an idea of what 
you can do with 4D.

Jody Bevan
Argus Productions Inc.
i...@4dshell.com
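
Added example, not code from this thread or from any 4D product: a Python sketch of the administrator-tunable login controls described above (password rules, lockout after repeated failures, a forced change interval, and a log entry for every attempt). All names (`Policy`, `Account`, `login`) and the choice of PBKDF2 are assumptions made for illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass
@dataclass
class Policy:                  # assumed names; 0 / False switches a control off
    min_length: int = 0
    require_symbol: bool = False
    max_failures: int = 0      # failed attempts before lockout
    lockout_seconds: int = 0
    max_age_days: int = 0      # forced password change interval

@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    changed_at: float
    failures: int = 0
    locked_until: float = 0.0

def _hash(password, salt):     # salted, deliberately slow hash
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_policy(password, policy):
    problems = []
    if len(password) < policy.min_length:
        problems.append("too short")
    if policy.require_symbol and all(c.isalnum() for c in password):
        problems.append("needs a non-alphanumeric character")
    return problems

def create_account(password, policy, now):
    if check_policy(password, policy):
        raise ValueError("password rejected by policy")
    salt = os.urandom(16)
    return Account(salt, _hash(password, salt), now)

def login(acct, password, policy, log, now):
    if now < acct.locked_until:
        result = "locked"
    elif hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash):
        acct.failures = 0
        old = policy.max_age_days and now - acct.changed_at > policy.max_age_days * 86400
        result = "expired" if old else "ok"
    else:
        acct.failures += 1
        result = "failed"
        if policy.max_failures and acct.failures >= policy.max_failures:
            acct.locked_until, acct.failures = now + policy.lockout_seconds, 0
            result = "locked"      # an e-mail alert would hook in here
    log.append((now, result))      # every outcome is logged for later review
    return result
```

With a default `Policy()` none of the controls apply, which matches the "very simple" end of the range; each field set to a non-zero value turns one control on.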





> On Sep 6, 2019, at 7:25 AM, Eric Naujock via 4D_Tech <4d_tech@lists.4d.com> 
> wrote:
> 
> Good morning,
>       I did take a look at that article a short while ago. It's an interesting 
> read and they do have a number of interesting security options available. But 
> there is still the fundamental issue that the gateway or login process is one 
> that can be hacked and sometimes quite easily due to the lack of modern 
> protections. When it was released it was pretty good but lately as I look 
> closer at it with questions from a state government security person I can see 
> a number of glaring holes that should be filled. These are the biggest ones I 
> see.
> 
> 1. Passwords are only alphanumeric.
> 2. No two factor options.
> 3. Usernames and passwords are stored in the Structure file. (Very bad if you're 
> revving structure files during continuous development.)
> 4. No account lockouts for failed authentication attempts. An attacker can just 
> continuously try usernames and passwords indefinitely. 
> 5. The AD options require that you serve from a Windows server bound to an 
> AD system. You cannot use this if you have Mac clients or an Apple server.
> 6. No ability to define password difficulty or force password changes 
> periodically. (I know that the need to change passwords regularly has been 
> debunked but most govt. best practice documents still believe that’s the way 
> to go.)
> 
> Thanks for the feedback.
> 
>> On Sep 6, 2019, at 3:22 AM, Maurice Inzirillo - AJAR 
>> <maurice.inziri...@ajar.ch> wrote:
>> 
>> Hi Eric,
>> 
>> Regarding 4D security I recommend reading this special 4D Security Guide to 
>> get a full idea of what 4D offers
>> 
>> https://blog.4d.com/4d-security-guide/
>> 
>> 
>> Best regards,
>> 
>> Maurice Inzirillo
>> -- 
>> AJAR S.A.
>> 
>> https://ch-fr.4d.com
>> twitter: ajar_info
>> Tél : +41 (0)323422684
>> 
>> 
>> 
>> 
>>> On 5 Sep 2019, at 16:22, Eric Naujock via 4D_Tech <4d_tech@lists.4d.com> 
>>> wrote:
>>> 
>>> Does anyone have a replacement login system for 4D that offers stronger 
>>> authentication security than the current system? Since the current system 
>>> does not enforce password changes, or password complexity it is a pretty 
>>> poor system in the current age. While the encryption is crypt it is still 
>>> brute force attackable as well. There are no failed login lockouts. Nor is 
>>> there the ability to have two factor authentication? Or is this something 
>>> beyond what anyone out there is using. 
>>> 
>>> -----------------------------------------------------------------------
>>> 
>>> MacCafe
>>> 7860 Central Ave.
>>> Toledo, OH 43617
>>> Phone: (419) 885-1240 X 241
>>> Fax: (419) 517-2063
>>> Eric Naujock  -  ACSA 10.2, 10.3, 10.4 Apple - ACTC 10.5, 10.6, 10.7, 10.8, 
>>> 10.9, 10.10, -ACSP 10.11, 10.12, 10.13
>>> http://www.mac-cafe.com
>>> email: e <mailto:e...@mac-cafe.com>r...@mac-cafe.com 
>>> <mailto:e...@mac-cafe.com>
>>> AOL IM: erlic
>>> 
>>> 
>>> 
>>> **********************************************************************
>>> 4D Internet Users Group (4D iNUG)
>>> Archive:  http://lists.4d.com/archives.html
>>> Options: https://lists.4d.com/mailman/options/4d_tech
>>> Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
>>> **********************************************************************
>> 
> 