Code Block
<?xml version="1.0" encoding="UTF-8"?>
<passwordPolicy>
  <rules>
    <!-- password must be between min and max chars long -->
    <lengthRule>
      <minimum>8</minimum>
      <maximum>15</maximum>
    </lengthRule>
    <!-- don't allow whitespace -->
    <whitespaceRule/>
    <!-- Control allowed characters -->
    <characterCharacteristicsRule>
      <!-- require at least 1 upper case char -->
      <uppercase>1</uppercase>
      <!-- require at least 1 lower case char -->
      <lowercase>1</lowercase>
      <!-- require at least 1 digit in passwords -->
      <digit>1</digit>
      <!-- require at least 1 non-alphanumeric char -->
      <nonalphanumeric>1</nonalphanumeric>
      <!-- require at least x of the previous rules be met -->
      <numberOfCharacteristics>3</numberOfCharacteristics>
    </characterCharacteristicsRule>
    <!-- don't allow alphabetical sequences -->
    <alphabeticalSequenceRule/>
    <!-- don't allow numerical sequences -->
    <numericalSequenceRule/>
    <!-- don't allow qwerty sequences -->
    <qwertySequenceRule/>
    <!-- don't allow 4 repeat characters -->
    <repeatCharacterRule/>
    <!-- do not allow matching against history -->
    <historyRule/>
    <!-- do not allow matching against Dictionary -->
    <dictionaryRule>
      <wordLength>4</wordLength>
      <matchBackwards>true</matchBackwards>
    </dictionaryRule>
  </rules>

  <!-- uncomment if you do not want default values -->
  <!--passwordHistory>
    <historyFile>config/security/passwordHistory.xml</historyFile>
  </passwordHistory-->
  <!--dictionary>
    <dictionaryFile>config/security/passwordDictionary</dictionaryFile>
  </dictionary-->

  <!-- maximum password age - The suffix of the value should be one of ms,s,m,h,d  -->
  <maximumPasswordAge>5000d</maximumPasswordAge>
</passwordPolicy>

dictionary

The file defines words which cannot be used in passwords if dictionaryRule is defined in passwordPolicy.

Code Block
ABI
ACL
ACPI
ADSL
AGP
AMD
API
APIC
ATAPI
ATX
AVI
AXP
AfterStep
AlphaBIOS
Appletalk
Athlon
.....

passwordHistory.xml (PRELIMINARY)

The file maintains a history of used passwords. If historyRule is defined in passwordPolicy, the password is validated against this file.

Code Block
<?xml version="1.0" encoding="UTF-8"?>
<passwordHistory>
  <!-- last modified in ms; e.g. 1535712347811 =  08/31/2018 12:45 CET -->
  <user name="admin" lastModified="1535712347811">
    <password>MwRLPWHiwj49VmNSmTsSBeFECqk=</password>
  </user>
  <user name="developer" lastModified="1535712347811">
  </user>
</passwordHistory>

Note: Preliminary function

In this version the function is considered preliminary because it does not yet maintain the list of used passwords automatically. The list must be maintained manually like this:

  • Run encryptPassword to create the new password.
  • Three properties are created and stored in settings.xml:
    • usernamePassword - encrypted password
    • usernamePasswordHistoryHash - hash of the password
    • usernamePasswordHistoryLastModified - the time of creation
  • Set the lastModified attribute of the user in the history file to the value of the usernamePasswordHistoryLastModified property. When started, Aspire will use the maximumPasswordAge value from the policy file to check whether the password is still valid.
  • If you want to change the password later, do this:
    • Create a new password element in the history file containing the hash of the previous password, which is stored in the usernamePasswordHistoryHash property.
    • Repeat the process for creating a new password; the new password will be validated against the history file.
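
Because the history file is maintained by hand, a stale lastModified value is easy to miss. The following audit script is an added example, not Aspire code: it reads a policy file and a history file in the formats shown on this page and reports each user's expiry status and number of stored hashes. It assumes the age is counted from lastModified and that a password expires once the age strictly exceeds maximumPasswordAge; the function names and sample values are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs in the formats shown on this page.
POLICY_XML = """<passwordPolicy>
  <maximumPasswordAge>90d</maximumPasswordAge>
</passwordPolicy>"""

HISTORY_XML = """<passwordHistory>
  <user name="admin" lastModified="1535712347811">
    <password>CONSTRUCTED-PLACEHOLDER-HASH</password>
  </user>
  <user name="developer" lastModified="1543000000000"/>
</passwordHistory>"""

# Suffixes named in the policy comment (ms, s, m, h, d), in milliseconds.
UNIT_MS = {"ms": 1, "s": 1000, "m": 60_000, "h": 3_600_000, "d": 86_400_000}

def parse_age_ms(text):
    """Convert a maximumPasswordAge value such as '5000d' to milliseconds."""
    match = re.fullmatch(r"(\d+)(ms|s|m|h|d)", text.strip())
    if match is None:
        raise ValueError(f"bad maximumPasswordAge: {text!r}")
    return int(match.group(1)) * UNIT_MS[match.group(2)]

def audit(policy_xml, history_xml, now_ms):
    """Return {user: (status, stored_hash_count)} for every user in the history."""
    policy = ET.fromstring(policy_xml)
    max_age = parse_age_ms(policy.findtext("maximumPasswordAge", ""))
    report = {}
    for user in ET.fromstring(history_xml).iter("user"):
        hashes = len(user.findall("password"))
        stamp = user.get("lastModified", "")
        if not stamp.isdigit():
            status = "missing lastModified"
        elif now_ms - int(stamp) > max_age:  # assumption: strict comparison
            status = "expired"
        else:
            status = "ok"
        report[user.get("name")] = (status, hashes)
    return report

if __name__ == "__main__":
    import time
    now = int(time.time() * 1000)
    for name, (status, hashes) in audit(POLICY_XML, HISTORY_XML, now).items():
        print(f"{name}: {status}, {hashes} stored hash(es)")
```

A user reported with 0 stored hashes has nothing for historyRule to compare against, so password reuse by that user cannot be detected from the history file.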