On Sun, Mar 12, 2017 at 7:59 AM, Ruwan Abeykoon <ruw...@wso2.com> wrote:

> Hi All,
> Can the hash algorithm change over time?
>
In general practice this will be a one-time configuration.

> If so we need to record the hash algorithm used to do hashing along with
> the particular password history record. We need to use the particular
> algorithm to do the comparison, not the system configured one.
>
+1

>
> Cheers,
> Ruwan
>
>
> On Sun, Mar 12, 2017 at 7:44 AM, Gayan Gunawardana <ga...@wso2.com> wrote:
>
>> Hi All,
>>
>> We are in the process of implementing the password history validation feature
>> for IS 6.0.0. The architecture of this feature was previously discussed in [1]
>> by Isura for IS 5.3.0. We plan to follow the same architecture with minor
>> changes.
>>
>> Previously, history validation was done by checking only the last 'n'
>> attempts, e.g. you cannot use a password which is inside the last 5
>> attempts. This time we additionally validate a time factor as well, e.g. you
>> cannot use a password if there is a similar password with a created date
>> inside the last 7 days.
>>
>> The table structure will be changed as below since we have a unique user ID in
>> C5.
>>
>> *Previous*
>>
>> CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA (
>>   ID INTEGER NOT NULL AUTO_INCREMENT,
>>   USER_NAME   VARCHAR(255) NOT NULL,
>>   USER_DOMAIN VARCHAR(127) NOT NULL,
>>   TENANT_ID   INTEGER DEFAULT -1,
>>   SALT_VALUE  VARCHAR(255),
>>   HASH        VARCHAR(255) NOT NULL,
>>   TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
>>   PRIMARY KEY(ID),
>>   UNIQUE (USER_NAME,USER_DOMAIN,TENANT_ID,SALT_VALUE,HASH)
>> )ENGINE INNODB;
>>
>>
>> *New*
>> CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA (
>>   ID INTEGER NOT NULL AUTO_INCREMENT,
>>   USER_UNIQUE_ID   VARCHAR(255) NOT NULL,
>>   SALT_VALUE  VARCHAR(255),
>>   HASH        VARCHAR(255) NOT NULL,
>>   TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
>>   PRIMARY KEY(ID),
>>   UNIQUE (USER_UNIQUE_ID,SALT_VALUE,HASH)
>> )ENGINE INNODB;
>>
>> The password hashing algorithm will be a configurable property.
>>
>> [1] [Architecture] Force Password Reset and Password History validation
>>
>> Thanks,
>> Gayan
>>
>> --
>> Gayan Gunawardana
>> Software Engineer; WSO2 Inc.; http://wso2.com/
>> Email: ga...@wso2.com
>> Mobile: +94 (71) 8020933
>>
>> _______________________________________________
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
>
> *Ruwan Abeykoon*
> *Associate Director/Architect,*
> *WSO2, Inc. http://wso2.com <https://wso2.com/signature> *
> *lean.enterprise.middleware.*
>
>
>
>


-- 
Gayan Gunawardana
Software Engineer; WSO2 Inc.; http://wso2.com/
Email: ga...@wso2.com
Mobile: +94 (71) 8020933
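
The point agreed in this thread (store the hash algorithm with each password history record and use it for the comparison), combined with the last-'n' and time-window rules from the original proposal, as an added Python example that is not WSO2 code. The per-record `algorithm` field, PBKDF2 as the hashing construction, the iteration count and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

ITERATIONS = 10_000  # assumed work factor, kept small for the sketch

def digest(password, salt, algorithm):
    return hashlib.pbkdf2_hmac(algorithm, password.encode(), salt, ITERATIONS)

def new_record(password, algorithm, created):
    """Build one history row; 'algorithm' is the hypothetical extra column."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": digest(password, salt, algorithm),
            "algorithm": algorithm, "created": created}

def is_reused(candidate, history, now, last_n=5, window=timedelta(days=7),
              force_algorithm=None):
    """True if candidate matches a record among the last_n newest or inside window.

    force_algorithm imitates the flawed approach of hashing with the currently
    configured algorithm instead of the one stored with the record.
    """
    newest_first = sorted(history, key=lambda r: r["created"], reverse=True)
    for position, record in enumerate(newest_first):
        if position >= last_n and now - record["created"] > window:
            continue  # outside both the count rule and the time rule
        algorithm = force_algorithm or record["algorithm"]
        candidate_hash = digest(candidate, record["salt"], algorithm)
        if hmac.compare_digest(candidate_hash, record["hash"]):
            return True
    return False

def sample_history(now):
    """Constructed data: the configured algorithm changed from sha1 to sha256."""
    return [
        new_record("Old#Pass1", "sha1", now - timedelta(days=30)),
        new_record("New#Pass2", "sha256", now - timedelta(days=2)),
    ]

if __name__ == "__main__":
    now = datetime(2017, 3, 12)
    history = sample_history(now)
    print(is_reused("Old#Pass1", history, now))  # compared with the stored algorithm
    print(is_reused("Old#Pass1", history, now, force_algorithm="sha256"))
```

When the comparison is forced to the currently configured algorithm, the older record no longer matches and the reused password passes history validation.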