
Native user authentication: SYSCS_UTIL.SYSCS_MODIFY_PASSWORD accepts old password


Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 10.9.1.0
    • Fix Version/s: None
    • Component/s: Services
    • Labels: None
    • Security

    Description

      Modifying the password to the same as the old one will reset the timeout specified in derby.authentication.native.passwordLifetimeMillis.
      This means that a lazy user can subvert the security policy embodied in the timeout. It would be an improvement to require a different one.
      Of course, we don't currently have any password strength checking either, so it may not be worth just implementing this change without making some configurable strength checking also.
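The two checks the description asks for, as an added illustration that is not Derby's code: a toy credential store that keeps a per-user expiry derived from a configurable lifetime (the role derby.authentication.native.passwordLifetimeMillis plays), a password-change routine that rejects a new password matching the stored one before it touches the expiry, and a simple configurable strength check. The class, its method names and the strength rule are hypothetical; the point is that the reuse check must be done against the stored hash (the plaintext old password is not available) and that the lifetime is only reset after both checks pass.

```python
import hashlib
import hmac
import os
import re
import time


class PasswordPolicyError(ValueError):
    """Raised when a password change violates the configured policy."""


class NativeAuthStore:
    """Hypothetical stand-in for a native credential table (not Derby's SYSUSERS).

    Each user maps to (salt, PBKDF2 digest, expiry in milliseconds).
    """

    def __init__(self, lifetime_millis, min_length=8, min_char_classes=2, now=time.time):
        self.lifetime_millis = lifetime_millis      # analogue of passwordLifetimeMillis
        self.min_length = min_length                # configurable strength settings (assumed)
        self.min_char_classes = min_char_classes
        self._now = now                             # injectable clock for testing
        self._users = {}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)

    def _expiry_ms(self):
        return int(self._now() * 1000) + self.lifetime_millis

    def _check_strength(self, password):
        if len(password) < self.min_length:
            raise PasswordPolicyError("password shorter than %d characters" % self.min_length)
        classes = sum(bool(re.search(p, password))
                      for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
        if classes < self.min_char_classes:
            raise PasswordPolicyError("password uses fewer than %d character classes"
                                      % self.min_char_classes)

    def create_user(self, name, password):
        self._check_strength(password)
        salt = os.urandom(16)
        self._users[name] = (salt, self._hash(password, salt), self._expiry_ms())

    def verify(self, name, password):
        """Constant-time comparison of a candidate against the stored digest."""
        salt, digest, _ = self._users[name]
        return hmac.compare_digest(digest, self._hash(password, salt))

    def expires_at(self, name):
        return self._users[name][2]

    def modify_password(self, name, new_password):
        """Change the password of the already-authenticated session user `name`.

        Like SYSCS_MODIFY_PASSWORD, only the new password is supplied; the
        old one is not available in plaintext, so reuse is detected by
        verifying the candidate against the stored digest.
        """
        if self.verify(name, new_password):
            raise PasswordPolicyError("new password must differ from the current one")
        self._check_strength(new_password)
        # Only now, after both checks, does the lifetime clock restart.
        salt = os.urandom(16)
        self._users[name] = (salt, self._hash(new_password, salt), self._expiry_ms())


def demo():
    """Walk through the scenario from the issue with a controllable clock."""
    clock = [0.0]
    store = NativeAuthStore(lifetime_millis=1000, now=lambda: clock[0])
    store.create_user("app", "Correct-Horse9")        # constructed sample credential
    first_expiry = store.expires_at("app")            # 0 + 1000
    clock[0] = 0.5                                    # half the lifetime later

    try:
        store.modify_password("app", "Correct-Horse9")  # same password as before
        reuse_rejected = False
    except PasswordPolicyError:
        reuse_rejected = True
    expiry_unchanged = store.expires_at("app") == first_expiry

    try:
        store.modify_password("app", "short")           # fails the strength check
        weak_rejected = False
    except PasswordPolicyError:
        weak_rejected = True

    store.modify_password("app", "Battery-Staple7")     # genuine change: clock restarts
    return {
        "reuse_rejected": reuse_rejected,
        "expiry_unchanged_after_reuse": expiry_unchanged,
        "weak_rejected": weak_rejected,
        "expiry_after_change": store.expires_at("app"),  # 500 + 1000
    }


if __name__ == "__main__":
    print(demo())
```

Rejecting an identical password only blocks the laziest case; a user can still alternate between two passwords, which is why such policies usually keep a short history of previous digests and check the candidate against all of them. The strength rule here is deliberately minimal and would be one of the configurable settings the description mentions.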

People

    Assignee: Unassigned
    Reporter: Dag H. Wanvik (dagw)