Home Applications appmsw-forbid-old-passwd

appmsw-forbid-old-passwd

InterSystems does not provide technical support for this project. Please contact its developer for the technical assistance.
5
1 reviews
0
Awards
256
Views
9
IPM installs
0
0
Details
Releases (4)
Reviews (1)
Issues
Articles (1)
To meet the requirements of section 8.2.5 PCI DSS "Prohibit the use of old passwords", a small application has been implemented that will be launched by the system when a user tries to change a password and check if it was used before.

What's new in this version

added salt in hash

forbid-old-passwd

Gitter
DC

Quality Gate Status

GitHub last commit [![license](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

To meet the requirements of section 8.2.5 PCI DSS “Prohibit the use of old passwords”, a small application has been implemented that will be launched by the system when a user tries to change a password and check if it was used before.

Installation with ZPM

If ZPM the current instance is not installed, then in one line you can install the latest version of ZPM.

zn "%SYS" d ##class(Security.SSLConfigs).Create("z") s r=##class(%Net.HttpRequest).%New(),r.Server="pm.community.intersystems.com",r.SSLConfiguration="z" d r.Get("/packages/zpm/latest/installer"),$system.OBJ.LoadStream(r.HttpResponse.Data,"c")

If ZPM is installed, then can be set with the command

zpm:USER>install appmsw-forbid-old-passwd

Installation with Docker

Prerequisites

Make sure you have git and Docker desktop installed.

Installation

Clone/git pull the repo into any local directory

git clone https://github.com/SergeyMi37/appmsw-forbid-old-passwd

Open the terminal in this directory and run:

docker-compose build
  1. Run the IRIS container with your project:
docker-compose up -d

How to Test it

Open IRIS terminal:

docker-compose exec iris iris session iris
...
%SYS>set ss=##class(Security.System).%OpenId("SYSTEM")
%SYS>set ss.PasswordValidationRoutine="CHECK^PASSWORD"
%SYS>write ss.%Save()
1

Or add a parameter through the interface:
Password validation routine

How to install without container and without zpm

Step 1: Be logged into github and download PASSWORD.mac

Step 2: Import and compile PASSWORD.mac into the %SYS namespace.

Step 3: Configure the instance to use PASSWORD routine

USER>zn "%SYS"
%SYS>set ss=##class(Security.System).%OpenId("SYSTEM")
%SYS>set ss.PasswordValidationRoutine="CHECK^PASSWORD"
%SYS>write ss.%Save()
1

Step 5: Confirm setting in Management Portal
System Administration > Security > System Wide Parameters > “Password validation routine” should say “CHECK^PASSWORD”

Step 6: Test by making a new password for a user. This logs the password into the secure log location.
Then, try to change the password for this user again, but making the password the same as the first one.
You should see the error “This password has already been used.”

Made with
Install
zpm install appmsw-forbid-old-passwd download archive
Version
1.0.401 Dec, 2021
Category
Technology Example
Works with
InterSystems IRISInterSystems IRIS for Health
First published
13 Nov, 2021
Last edited
01 Dec, 2021
Last checked by moderator
26 Nov, 2024Works