On Mon, Mar 13, 2017 at 9:03 AM, Isura Karunaratne <[email protected]> wrote:

> Hi Gayan,
>
>
> On Sun, Mar 12, 2017 at 7:44 AM, Gayan Gunawardana <[email protected]> wrote:
>
>> Hi All,
>>
>> We are in the process of implementing a password history validation feature
>> for IS 6.0.0. The architecture of this feature was previously discussed in [1]
>> by Isura for IS 5.3.0. We plan to follow the same architecture with minor
>> changes.
>>
>> Previously, history validation was done by checking only the last 'n'
>> number of attempts. Ex. you cannot use a password which is inside the last 5
>> attempts. This time we additionally validate a time factor as well. Ex. you
>> cannot use a password if there is a similar password with a created date
>> inside the last 7 days.
>>
>> The table structure will be changed as below since we have a unique user ID in
>> C5.
>>
>> *Previous*
>>
>> CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA (
>>   ID INTEGER NOT NULL AUTO_INCREMENT,
>>   USER_NAME   VARCHAR(255) NOT NULL,
>>   USER_DOMAIN VARCHAR(127) NOT NULL,
>>   TENANT_ID   INTEGER DEFAULT -1,
>>   SALT_VALUE  VARCHAR(255),
>>   HASH        VARCHAR(255) NOT NULL,
>>   TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
>>   PRIMARY KEY(ID),
>>   UNIQUE (USER_NAME,USER_DOMAIN,TENANT_ID,SALT_VALUE,HASH)
>> )ENGINE INNODB;
>>
>>
>> *New*
>> CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA (
>>   ID INTEGER NOT NULL AUTO_INCREMENT,
>>   USER_UNIQUE_ID   VARCHAR(255) NOT NULL,
>>   SALT_VALUE  VARCHAR(255),
>>   HASH        VARCHAR(255) NOT NULL,
>>   TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
>>   PRIMARY KEY(ID),
>>   UNIQUE (USER_NAME,USER_DOMAIN,TENANT_ID,SALT_VALUE,HASH)
>>
>
> This should be UNIQUE (USER_UNIQUE_ID,SALT_VALUE,HASH)
>

USER_UNIQUE_ID by itself is globally unique. Then is there a point to have
this unique constraint?


>
>
> Thanks
> Isura.
>
>> )ENGINE INNODB;
>>
>> The password hashing algorithm will be a configurable property.
>>
>> [1] [Architecture] Force Password Reset and Password History validation
>>
>> Thanks,
>> Gayan
>>
>> --
>> Gayan Gunawardana
>> Software Engineer; WSO2 Inc.; http://wso2.com/
>> Email: [email protected]
>> Mobile: +94 (71) 8020933
>>
>
>


-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Technical Lead & Product Lead of WSO2 Identity Server
Governance Technologies Team
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+94777776950*
Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
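
The check discussed in this thread (reject a new password that matches one of the last 'n' entries or any entry created inside the last 7 days), as an added example that is not part of the original thread and is not WSO2 code. Assumptions: SQLite stands in for MySQL, PBKDF2-HMAC-SHA256 stands in for the configurable hashing algorithm, the function names and sample data are hypothetical, and the UNIQUE clause uses the corrected column list from the reply.

```python
import hashlib, hmac, os, sqlite3
from datetime import datetime, timedelta

# SQLite rendering of the proposed table (constructed; MySQL-specific syntax dropped).
SCHEMA = """CREATE TABLE IDN_PASSWORD_HISTORY_DATA (
  ID INTEGER PRIMARY KEY AUTOINCREMENT,
  USER_UNIQUE_ID VARCHAR(255) NOT NULL,
  SALT_VALUE VARCHAR(255),
  HASH VARCHAR(255) NOT NULL,
  TIME_CREATED TIMESTAMP NOT NULL,
  UNIQUE (USER_UNIQUE_ID, SALT_VALUE, HASH))"""

def digest(password, salt_hex):
    # Assumed algorithm; the thread only says the algorithm is configurable.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), 100_000).hex()

def record(db, user_id, password, when):
    salt = os.urandom(16).hex()  # fresh random salt for every stored entry
    db.execute("INSERT INTO IDN_PASSWORD_HISTORY_DATA "
               "(USER_UNIQUE_ID, SALT_VALUE, HASH, TIME_CREATED) VALUES (?,?,?,?)",
               (user_id, salt, digest(password, salt), when.isoformat()))

def is_reused(db, user_id, candidate, now, last_n=5, min_age_days=7):
    """True if candidate matches one of the last_n entries or any entry newer than min_age_days."""
    rows = db.execute("SELECT SALT_VALUE, HASH, TIME_CREATED FROM IDN_PASSWORD_HISTORY_DATA "
                      "WHERE USER_UNIQUE_ID = ? ORDER BY TIME_CREATED DESC, ID DESC",
                      (user_id,)).fetchall()
    cutoff = now - timedelta(days=min_age_days)
    hit = False
    for rank, (salt, stored, created) in enumerate(rows):
        in_scope = rank < last_n or datetime.fromisoformat(created) >= cutoff
        # Each entry has its own salt, so the candidate is re-hashed per row.
        if in_scope and hmac.compare_digest(digest(candidate, salt), stored):
            hit = True
    return hit

def demo():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    now = datetime(2017, 3, 13, 9, 0, 0)
    # Constructed history for one user, oldest first: (days ago, password).
    history = [(400, "pw-old"), (300, "pw-a"), (200, "pw-b"),
               (100, "pw-c"), (5, "pw-d"), (3, "pw-current")]
    for days_ago, pw in history:
        record(db, "user-0001", pw, now - timedelta(days=days_ago))
    return db, now
```

Because every entry is stored under a fresh random salt, a reused password produces a different SALT_VALUE and HASH each time, so the reuse decision comes from the re-hash comparison in `is_reused` and not from the UNIQUE constraint.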
