Hi All,

We are in the process of implementing the password history validation feature
for IS 6.0.0. The architecture of this feature was previously discussed in [1]
by Isura for IS 5.3.0. We plan to follow the same architecture with minor
changes.

Previously, history validation was done by checking only the last 'n'
attempts, e.g. you cannot use a password which is among the last 5
attempts. This time we additionally validate a time factor as well, e.g. you
cannot use a password if there is a similar password with a created date
inside the last 7 days.

Table structure will be changed as below since we have unique user ID in C5.

*Previous *

CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA (
  ID INTEGER NOT NULL AUTO_INCREMENT,
  USER_NAME   VARCHAR(255) NOT NULL,
  USER_DOMAIN VARCHAR(127) NOT NULL,
  TENANT_ID   INTEGER DEFAULT -1,
  SALT_VALUE  VARCHAR(255),
  HASH        VARCHAR(255) NOT NULL,
  TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY(ID),
  UNIQUE (USER_NAME,USER_DOMAIN,TENANT_ID,SALT_VALUE,HASH)
)ENGINE INNODB;


*New *

CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA (
  ID INTEGER NOT NULL AUTO_INCREMENT,
  USER_UNIQUE_ID   VARCHAR(255) NOT NULL,
  SALT_VALUE  VARCHAR(255),
  HASH        VARCHAR(255) NOT NULL,
  TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY(ID),
  UNIQUE (USER_UNIQUE_ID,SALT_VALUE,HASH)
)ENGINE INNODB;

The password hashing algorithm will be a configurable property.

[1] [Architecture] Force Password Reset and Password History validation

Thanks,
Gayan

-- 
Gayan Gunawardana
Software Engineer; WSO2 Inc.; http://wso2.com/
Mobile: +94 (71) 8020933
_______________________________________________
Architecture mailing list
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
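Added worked example (not code from the mail or from WSO2 IS): the combined "last n passwords OR created within the last 7 days" check described above, run against the proposed C5 table in an in-memory SQLite database. The MySQL-only DDL is adapted for SQLite, the setting names and the salted SHA-256 stand-in for the configurable hashing algorithm are assumptions, and the history rows are constructed sample data.

```python
import hashlib
import hmac
import sqlite3
from datetime import datetime, timedelta

HISTORY_COUNT = 5          # reject the last 'n' passwords (assumed setting name)
HISTORY_DAYS = 7           # reject matches created inside this window (assumed setting name)
HASH_ALGORITHM = "sha256"  # stand-in for the configurable hashing property

# Proposed C5 table; AUTO_INCREMENT / ENGINE syntax adapted for SQLite.
SCHEMA = """CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA (
  ID INTEGER PRIMARY KEY AUTOINCREMENT,
  USER_UNIQUE_ID VARCHAR(255) NOT NULL,
  SALT_VALUE VARCHAR(255),
  HASH VARCHAR(255) NOT NULL,
  TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
  UNIQUE (USER_UNIQUE_ID, SALT_VALUE, HASH))"""
TS = "%Y-%m-%d %H:%M:%S"  # stored as text so SQLite compares timestamps lexically

def hash_password(password, salt, algorithm=HASH_ALGORITHM):
    """Salted digest with the configured algorithm, hex-encoded for the HASH column."""
    digest = hashlib.new(algorithm)
    digest.update(salt.encode() + password.encode())
    return digest.hexdigest()

def record_password(conn, user_id, password, salt, created):
    conn.execute("INSERT INTO IDN_PASSWORD_HISTORY_DATA (USER_UNIQUE_ID, SALT_VALUE, HASH, "
                 "TIME_CREATED) VALUES (?, ?, ?, ?)",
                 (user_id, salt, hash_password(password, salt), created.strftime(TS)))

def is_password_reused(conn, user_id, new_password, now, count=HISTORY_COUNT, days=HISTORY_DAYS):
    """True if new_password matches one of the last `count` entries OR any entry newer than `days`."""
    cutoff = (now - timedelta(days=days)).strftime(TS)
    rows = conn.execute("SELECT SALT_VALUE, HASH, TIME_CREATED FROM IDN_PASSWORD_HISTORY_DATA "
                        "WHERE USER_UNIQUE_ID = ? ORDER BY TIME_CREATED DESC, ID DESC", (user_id,))
    for index, (salt, stored_hash, created) in enumerate(rows):
        if index >= count and created < cutoff:
            break  # newest-first order: every later row is older and outside both windows
        # Re-hash with that entry's own salt and compare in constant time.
        if hmac.compare_digest(hash_password(new_password, salt), stored_hash):
            return True
    return False

def demo():
    """Constructed history: pw1..pw8, one every two days, pw8 set 'now'."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    now, user = datetime(2017, 6, 1, 12, 0, 0), "c5-user-uuid-0001"
    for i in range(1, 9):
        record_password(conn, user, f"pw{i}", f"salt{i}", now - timedelta(days=2 * (8 - i)))
    return {"pw4_blocked_by_count": is_password_reused(conn, user, "pw4", now),          # 5th newest, 8 days old
            "pw5_blocked_by_time": is_password_reused(conn, user, "pw5", now, count=2),  # 4th newest, 6 days old
            "pw3_allowed": is_password_reused(conn, user, "pw3", now),                   # 6th newest, 10 days old
            "new_allowed": is_password_reused(conn, user, "never-used", now)}
```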