Hi Gayan,

On Sun, Mar 12, 2017 at 7:44 AM, Gayan Gunawardana <[email protected]> wrote:
> Hi All,
>
> We are in the process of implementing a password history validation feature
> for IS 6.0.0. The architecture of this feature was previously discussed in [1]
> by Isura for IS 5.3.0. We plan to follow the same architecture with minor
> changes.
>
> Previously, history validation was done by checking only the last 'n'
> attempts. Ex. you cannot use a password which is inside the last 5
> attempts. This time we additionally validate a time factor as well. Ex. you
> cannot use a password if there is a similar password with a created date
> inside the last 7 days.
>
> Table structure will be changed as below since we have a unique user ID in
> C5.
>
> *Previous*
>
> CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA (
>   ID INTEGER NOT NULL AUTO_INCREMENT,
>   USER_NAME VARCHAR(255) NOT NULL,
>   USER_DOMAIN VARCHAR(127) NOT NULL,
>   TENANT_ID INTEGER DEFAULT -1,
>   SALT_VALUE VARCHAR(255),
>   HASH VARCHAR(255) NOT NULL,
>   TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
>   PRIMARY KEY(ID),
>   UNIQUE (USER_NAME,USER_DOMAIN,TENANT_ID,SALT_VALUE,HASH)
> )ENGINE INNODB;
>
>
> *New*
> CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA (
>   ID INTEGER NOT NULL AUTO_INCREMENT,
>   USER_UNIQUE_ID VARCHAR(255) NOT NULL,
>   SALT_VALUE VARCHAR(255),
>   HASH VARCHAR(255) NOT NULL,
>   TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
>   PRIMARY KEY(ID),
>   UNIQUE (USER_NAME,USER_DOMAIN,TENANT_ID,SALT_VALUE,HASH)
>

This should be UNIQUE (USER_UNIQUE_ID,SALT_VALUE,HASH)

Thanks
Isura.

> )ENGINE INNODB;
>
> Password hashing algorithm will be a configurable property.
>
> [1] [Architecture] Force Password Reset and Password History validation
>
> Thanks,
> Gayan
>
> --
> Gayan Gunawardana
> Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: [email protected]
> Mobile: +94 (71) 8020933
>
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
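
Added example (not part of the thread and not WSO2's code): a Python illustration of the two checks discussed above, the last 'n' entries and the 7-day window, run against an SQLite rendering of the new table with the corrected UNIQUE constraint. PBKDF2-HMAC-SHA256, the function names and the default values are assumptions; the thread only says the hashing algorithm is configurable.

```python
import hashlib, hmac, os, sqlite3
from datetime import datetime, timedelta

# Assumption: PBKDF2-HMAC-SHA256 stands in for the configurable hashing algorithm.
def hash_password(password, salt, iterations=100_000):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def open_store():
    conn = sqlite3.connect(":memory:")
    # SQLite rendering of the new table, with the corrected UNIQUE constraint.
    conn.execute("""CREATE TABLE IDN_PASSWORD_HISTORY_DATA (
        ID INTEGER PRIMARY KEY AUTOINCREMENT,
        USER_UNIQUE_ID VARCHAR(255) NOT NULL,
        SALT_VALUE VARCHAR(255),
        HASH VARCHAR(255) NOT NULL,
        TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
        UNIQUE (USER_UNIQUE_ID, SALT_VALUE, HASH))""")
    return conn

def record_password(conn, user_id, password, created):
    salt = os.urandom(16)  # fresh salt per history entry
    conn.execute(
        "INSERT INTO IDN_PASSWORD_HISTORY_DATA "
        "(USER_UNIQUE_ID, SALT_VALUE, HASH, TIME_CREATED) VALUES (?, ?, ?, ?)",
        (user_id, salt.hex(), hash_password(password, salt), created.isoformat()))

def is_reused(conn, user_id, candidate, now, last_n=5, window_days=7):
    """True if candidate matches one of the last_n entries or any entry
    created inside the last window_days."""
    cutoff = now - timedelta(days=window_days)
    rows = conn.execute(
        "SELECT SALT_VALUE, HASH, TIME_CREATED FROM IDN_PASSWORD_HISTORY_DATA "
        "WHERE USER_UNIQUE_ID = ? ORDER BY TIME_CREATED DESC, ID DESC", (user_id,))
    for rank, (salt_hex, stored, created) in enumerate(rows):
        in_scope = rank < last_n or datetime.fromisoformat(created) >= cutoff
        if not in_scope:
            break  # rows are newest-first, so every later row is out of scope too
        # Each entry has its own salt, so the candidate is re-hashed per row;
        # the history cannot be searched with a plain SQL equality on HASH.
        digest = hash_password(candidate, bytes.fromhex(salt_hex))
        if hmac.compare_digest(digest, stored):
            return True
    return False
```

The two rules are combined with OR: an entry is checked if it falls inside either the count limit or the time window, so a user who changes passwords many times in one day cannot cycle back to a recent one.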
