Details
-
Story
-
Status: Resolved
-
Major
-
Resolution: Done
-
None
-
None
Description
*** Part of the security enhancements update ***
The security enhancements are a group of new features that can be further sorted into two categories of improvements:
Auditing improvements
CORE-285 Log number of attempted logins
CORE-286 Log admin functions
Password Management improvements
CORE-287 Lockout after failed logins
CORE-288 Enforce complex passwords
CORE-289 Mandatory password change
CORE-300 Prevent repeat password
Each of the above features is listed as a sub-task of this story.
The security enhancements are a group of new features that can be further sorted into two categories of improvements:
Auditing improvements
Password Management improvements
Each of the above features is listed as a sub-task of this story.
Attachments
1.
|
Log number of attempted logins |
|
Resolved | Janice Donahoe |
2.
|
Log admin functions |
|
Resolved | Janice Donahoe |
3.
|
Lockout after failed logins |
|
Resolved | Janice Donahoe |
4.
|
Enforce complex passwords |
|
Resolved | Janice Donahoe |
5.
|
Mandatory password change |
|
Resolved | Janice Donahoe |
6.
|
Do not allow current password to be used as new password |
|
Resolved | Janice Donahoe |
Activity
| Field | Original Value | New Value |
|---|---|---|
| Issue Type | Bug [ 1 ] | Improvement [ 4 ] |
| Fix Version/s | 1.7.10 [ 10307 ] |
| Assignee | Janice Donahoe [ jmd86 ] |
| Issue Type | Improvement [ 4 ] | Story [ 10001 ] |
| Summary | Security enhancement | Security enhancements |
| Status | New [ 10000 ] | Open [ 1 ] |
| Status | Open [ 1 ] | In Progress [ 3 ] |
| Status | In Progress [ 3 ] | Ready to Test [ 10001 ] |
| Status | Ready to Test [ 10001 ] | Testing [ 10002 ] |
| Sprint | Release 1.7.08b 2 [ 21 ] |
| Rank | Ranked higher |
| Sprint |
| Sprint | Release 1.7.08b 3 [ 22 ] |
| Rank | Ranked higher |
| Sprint |
| Rank | Ranked higher |
| Sprint | v1710.0001 [ 23 ] |
| Description |
Log of (password) login attempts
Password only but can configure to to get sessions, take note of agg service account Log of admin functions attempted Lockout with specific # of failed (password) login attempts Does this exist already? Enforce complex passwords 8 characters or more, one capital, one lower case, a number, a special char only when a user changes the password, if a admin creates the password the user will be forced to change it the first time they logon Enforce change of password regularly The password policy can be by adding a global param PM_EXPIRED_PASSWORD and setting to true |
*** Part of the security enhancements update ***
The security enhancements are a group of new features that can be further sorted into two categories of improvements: Auditing improvements Password Management improvements Each of the above features is listed as a sub-task of this story. |
Tested and verified all the security features are working as designed. All of them will be included in the 1.7.10 release.
| Resolution | Done [ 10001 ] | |
| Status | Testing [ 10002 ] | Resolved [ 5 ] |
| Labels | wikirelease |