Home Applications appmsw-forbid-old-passwd

appmsw-forbid-old-passwd

This application is not supported by InterSystems Corporation. Please be notified that you use it at your own risk.
5
1 reviews
0
Awards
242
Views
9
IPM installs
0
0
Details
Releases
Reviews  (1)
Issues
Articles  (1)
To meet the requirements of section 8.2.5 PCI DSS "Prohibit the use of old passwords", a small application has been implemented that will be launched by the system when a user tries to change a password and check if it was used before.

What's new in this version

added salt in hash

forbid-old-passwd

Gitter
DC

Quality Gate Status

GitHub last commit [![license](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

To meet the requirements of section 8.2.5 PCI DSS “Prohibit the use of old passwords”, a small application has been implemented that will be launched by the system when a user tries to change a password and check if it was used before.

Installation with ZPM

If ZPM the current instance is not installed, then in one line you can install the latest version of ZPM.

zn "%SYS" d ##class(Security.SSLConfigs).Create("z") s r=##class(%Net.HttpRequest).%New(),r.Server="pm.community.intersystems.com",r.SSLConfiguration="z" d r.Get("/packages/zpm/latest/installer"),$system.OBJ.LoadStream(r.HttpResponse.Data,"c")

If ZPM is installed, then can be set with the command

zpm:USER>install appmsw-forbid-old-passwd

Installation with Docker

Prerequisites

Make sure you have git and Docker desktop installed.

Installation

Clone/git pull the repo into any local directory

git clone https://github.com/SergeyMi37/appmsw-forbid-old-passwd

Open the terminal in this directory and run:

docker-compose build
  1. Run the IRIS container with your project:
docker-compose up -d

How to Test it

Open IRIS terminal:

docker-compose exec iris iris session iris
...
%SYS>set ss=##class(Security.System).%OpenId("SYSTEM")
%SYS>set ss.PasswordValidationRoutine="CHECK^PASSWORD"
%SYS>write ss.%Save()
1

Or add a parameter through the interface:
Password validation routine

How to install without container and without zpm

Step 1: Be logged into github and download PASSWORD.mac

Step 2: Import and compile PASSWORD.mac into the %SYS namespace.

Step 3: Configure the instance to use PASSWORD routine

USER>zn "%SYS"
%SYS>set ss=##class(Security.System).%OpenId("SYSTEM")
%SYS>set ss.PasswordValidationRoutine="CHECK^PASSWORD"
%SYS>write ss.%Save()
1

Step 5: Confirm setting in Management Portal
System Administration > Security > System Wide Parameters > “Password validation routine” should say “CHECK^PASSWORD”

Step 6: Test by making a new password for a user. This logs the password into the secure log location.
Then, try to change the password for this user again, but making the password the same as the first one.
You should see the error “This password has already been used.”

Made with
Install
zpm install appmsw-forbid-old-passwd download archive
Version
1.0.401 Dec, 2021
ObjectScript quality test
Category
Technology Example
Works with
InterSystems IRISInterSystems IRIS for Health
First published
13 Nov, 2021
Last checked by moderator
27 Jun, 2023Works