Hi Johann,

On Mon, Mar 13, 2017 at 9:14 AM, Johann Nallathamby <[email protected]> wrote:

>
>
> On Mon, Mar 13, 2017 at 9:03 AM, Isura Karunaratne <[email protected]> wrote:
>
>> Hi Gayan,
>>
>>
>> On Sun, Mar 12, 2017 at 7:44 AM, Gayan Gunawardana <[email protected]>
>> wrote:
>>
>>> Hi All,
>>>
>>> We are in the process of implementing password history validation
>>> feature for IS 6.0.0. Architecture of this feature was previously discussed
>>> in [1] by Isura for IS 5.3.0. We plan to follow same architecture with
>>> minor changes.
>>>
>>> Previously history validation has been done by checking only last 'n'
>>> number of attempts. Ex. you cannot use a password which is inside last 5
>>> attempts. This time we additionally validate time factor as well Ex. you
>>> cannot use a password, if there is a similar password with created date
>>> inside last 7 days.
>>>
>>> Table structure will be changed as below since we have unique user ID in
>>> C5.
>>>
>>> *Previous *
>>>
>>> CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA (
>>>   ID INTEGER NOT NULL AUTO_INCREMENT,
>>>   USER_NAME VARCHAR(255) NOT NULL,
>>>   USER_DOMAIN VARCHAR(127) NOT NULL,
>>>   TENANT_ID INTEGER DEFAULT -1,
>>>   SALT_VALUE VARCHAR(255),
>>>   HASH VARCHAR(255) NOT NULL,
>>>   TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
>>>   PRIMARY KEY(ID),
>>>   UNIQUE (USER_NAME,USER_DOMAIN,TENANT_ID,SALT_VALUE,HASH)
>>> )ENGINE INNODB;
>>>
>>>
>>> *New *
>>> CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA (
>>>   ID INTEGER NOT NULL AUTO_INCREMENT,
>>>   USER_UNIQUE_ID VARCHAR(255) NOT NULL,
>>>   SALT_VALUE VARCHAR(255),
>>>   HASH VARCHAR(255) NOT NULL,
>>>   TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
>>>   PRIMARY KEY(ID),
>>>   UNIQUE (USER_NAME,USER_DOMAIN,TENANT_ID,SALT_VALUE,HASH)
>>>
>>
>> This should be UNIQUE (USER_UNIQUE_ID,SALT_VALUE,HASH)
>>
>
> USER_UNIQUE_ID by itself is globally unique. Then is there a point to have
> this unique constraint?
>

No. Multiple records will be there for same uniqueId.

Thanks
Isura.

>
>
>>
>>
>> Thanks
>> Isura.
>>
>>> )ENGINE INNODB;
>>>
>>> Password Hashing algorithm will be a configurable property.
>>>
>>> [1] [Architecture] Force Password Reset and Password History validation
>>>
>>> Thanks,
>>> Gayan
>>>
>>> --
>>> Gayan Gunawardana
>>> Software Engineer; WSO2 Inc.; http://wso2.com/
>>> Email: [email protected]
>>> Mobile: +94 (71) 8020933
>>>
>>
>>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Technical Lead & Product Lead of WSO2 Identity Server
> Governance Technologies Team
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+94777776950*
> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
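
The two checks described in the thread (last 'n' passwords, plus any password created inside the last 7 days) run against the table with the corrected UNIQUE constraint, as an added example that is not part of the thread or WSO2's code. PBKDF2 as the hash, SQLite in place of MySQL, the function names and the user ID `u-1001` are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3
from datetime import datetime, timedelta

# The thread's "New" table with Isura's corrected UNIQUE constraint.
# SQLite syntax stands in for MySQL so the example runs offline.
DDL = """CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA (
    ID INTEGER PRIMARY KEY AUTOINCREMENT,
    USER_UNIQUE_ID VARCHAR(255) NOT NULL,
    SALT_VALUE VARCHAR(255),
    HASH VARCHAR(255) NOT NULL,
    TIME_CREATED TIMESTAMP NOT NULL,
    UNIQUE (USER_UNIQUE_ID, SALT_VALUE, HASH))"""

def hash_password(password, salt_hex, algo="sha256", rounds=50_000):
    # Assumption: PBKDF2; the thread only says the algorithm is configurable.
    return hashlib.pbkdf2_hmac(algo, password.encode(), bytes.fromhex(salt_hex), rounds).hex()

def record_password(db, user_id, password, when):
    salt = os.urandom(16).hex()  # fresh salt per stored entry
    db.execute("INSERT INTO IDN_PASSWORD_HISTORY_DATA"
               " (USER_UNIQUE_ID, SALT_VALUE, HASH, TIME_CREATED) VALUES (?, ?, ?, ?)",
               (user_id, salt, hash_password(password, salt), when.isoformat()))

def is_reused(db, user_id, candidate, now, last_n=5, window_days=7):
    """True if candidate matches one of the last_n entries OR any entry
    created inside the time window."""
    rows = db.execute("SELECT SALT_VALUE, HASH, TIME_CREATED FROM IDN_PASSWORD_HISTORY_DATA"
                      " WHERE USER_UNIQUE_ID = ? ORDER BY TIME_CREATED DESC, ID DESC",
                      (user_id,)).fetchall()
    cutoff = now - timedelta(days=window_days)
    for rank, (salt, stored, created) in enumerate(rows):
        in_scope = rank < last_n or datetime.fromisoformat(created) >= cutoff
        # Salts differ per row, so the candidate is re-hashed for every entry.
        if in_scope and hmac.compare_digest(hash_password(candidate, salt), stored):
            return True
    return False

def demo_db(now):
    # Constructed history for a hypothetical user "u-1001": one old password,
    # then six rapid changes over the last three days.
    db = sqlite3.connect(":memory:")
    db.execute(DDL)
    record_password(db, "u-1001", "Spring-2017!", now - timedelta(days=60))
    for i in range(6):
        record_password(db, "u-1001", f"cycle-{i}", now - timedelta(days=3, hours=-i))
    return db
```

In the constructed history, `cycle-0` has fallen out of the last five entries but is still rejected because it was set three days ago, which is the gap the time check closes.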
