appmsw-forbid-old-passwd

Downloads24

959

Bookmark

This application is not supported by InterSystems Corporation. Please be notified that you use it at your own responsibility.

Details

Releases

Reviews

Screenshots

Issues

What's new in this version

added salt in hash

forbid-old-passwd

To meet the requirements of section 8.2.5 PCI DSS "Prohibit the use of old passwords", a small application has been implemented that will be launched by the system when a user tries to change a password and check if it was used before.

Installation with ZPM

If ZPM the current instance is not installed, then in one line you can install the latest version of ZPM.

zn "%SYS" d ##class(Security.SSLConfigs).Create("z") s r=##class(%Net.HttpRequest).%New(),r.Server="pm.community.intersystems.com",r.SSLConfiguration="z" d r.Get("/packages/zpm/latest/installer"),$system.OBJ.LoadStream(r.HttpResponse.Data,"c")

If ZPM is installed, then can be set with the command

zpm:USER>install appmsw-forbid-old-passwd

Installation with Docker

Prerequisites

Make sure you have git and Docker desktop installed.

Installation

Clone/git pull the repo into any local directory

git clone https://github.com/SergeyMi37/appmsw-forbid-old-passwd

Open the terminal in this directory and run:

docker-compose build

Run the IRIS container with your project:

docker-compose up -d

How to Test it

Open IRIS terminal:

docker-compose exec iris iris session iris
...
%SYS>set ss=##class(Security.System).%OpenId("SYSTEM")
%SYS>set ss.PasswordValidationRoutine="CHECK^PASSWORD"
%SYS>write ss.%Save()
1

Or add a parameter through the interface: Password validation routine