I'd not go against password rotation that head-on. It's a quite regular
process in enterprises and for some applications its even enforced by local
laws. Not that I'm saying web2py should definitively have such a feature as
a builtin, but still...don't shoot the messenger :P
On Wednesday,
Even if it's 200 days, what do you gain by forcing users to change
passwords? Making them have post-its with the password? Just force them to
have a strong password.
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
-
Leonel :
That was only a value of example.
El miércoles, 27 de abril de 2016, 8:05:58 (UTC-3), Leonel Câmara escribió:
>
> Why are you forcing your users to change passwords every 100 days?
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
-
Why are you forcing your users to change passwords every 100 days?
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you
Massimo:
Also I can make a trigger on auth_user table in the database when the
password is changed and update lastchangepassword field. Althrougth I know
is lost portability.
Best regards.
El martes, 26 de abril de 2016, 17:59:42 (UTC-3), isi_jca escribió:
>
> Massimo:
>
> Thanks for you
Massimo:
Thanks for you answer. Now is working, but when the user change password;
it is necesary to update lastchangepassword field at the auth_user table.
Must I to customize change_password controller?
Thanks regards.
El martes, 26 de abril de 2016, 15:15:32 (UTC-3), Massimo Di Pierro
at the bottom of db.py you can put:
if auth.user and request.function!='user'
and (request.now_lastchargepasswrod).days>100:
redirect(URL('user/change_password'))
On Tuesday, 26 April 2016 08:37:56 UTC-5, isi_jca wrote:
>
> Hi!!!
>
> After user login, I want to check validity password, I
7 matches
Mail list logo