Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0003416Openbravo ERPC. Securitypublic2007-11-16 19:512013-08-05 08:55
Reporterplujan 
Assigned Toiciordia 
PrioritynormalSeverityminorReproducibilityalways
StatusacknowledgedResolutionopen 
PlatformOS5OS Version
Product Version 
Target VersionFixed in Version 
Merge Request Status
Review Assigned To
OBNetwork customer
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0003416: Openbravo should provide password policies support
DescriptionThere are some best practices about passwords that should be considered as part of Openbravo standard.
* Maximun Password length: Now is limited to 10 chars by GUI, it should be extended to 20 to allow stronger passwords
* Minimun Password length: A password should not have less than 7 chars
* Expiration: Passwords should expire after a defined period of time
* Password history: Users should not change a password to a used recently one
* Password complexity: A strong password has uppercase and lowercase as well as numbers, it would be great is change password window check that.

Additionally, a password lockout when trying to access N times sometimes helps (while many times just mess it up)
Steps To Reproduce
Proposed Solution
Additional Information
TagsNo tags attached.
Relationships
blocks feature request 0000500pi acknowledged iciordia User pasword management 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2008-06-30 19:50pjuvaraStatusnew => acknowledged
2008-06-30 19:50pjuvaraRelationship addedblocks 0000500
2008-11-16 07:44pjuvaraAssigned Toalostale => pjuvara
2009-05-22 19:36pjuvaraAssigned Topjuvara => iciordia
2009-09-01 09:14roklenardicRelationship addedblocks 0010399
2013-08-05 08:55mmarquezIssue Monitored: mmarquez

Notes
(0007005)
user71   
2005-06-01 00:00   
(edited on: 2008-06-12 09:44)
This bug was originally reported in SourceForge bug tracker and then migrated to Mantis.

You can see the original bug report in:
https://sourceforge.net/support/tracker.php?aid=1833307 [^]
(0003922)
villind   
2007-11-19 13:02   
(edited on: 2008-06-12 09:26)
Logged In: YES
user_id=61737
Originator: NO

I would vote for http://sourceforge.net/tracker/index.php?func=detail&aid=1833751&group_id=162271&atid=823132 [^] instead of this.

It is more important to provide means for strong authentication than implementing it. I would not see that there would be sense to support smart cards or 3factor authentication in Openbravo directly, bu enable integration with such solutions.