Uploaded image for project: 'iDempiere'
  1. IDEMPIERE-2558

don't allow use old password when change password

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects versions: iDempiere HEAD
    • Fix versions: None
    • Components: None
    • Labels:
    • Sprint:

      Description

      at moment, when password expiate user must change password.
      configuration CHANGE_PASSWORD_MUST_DIFFER don't allow user reuse old password
      but after change password, user can reset password to old.
      my idea change logic become DON"T_ALLOW_OLD_PASSWORD_FOR_PERIOD_OF_TIME
      and admin can define num of day.
      user can't reuse old password has age in this range.
      example: define DON"T_ALLOW_OLD_PASSWORD_FOR_PERIOD_OF_TIME = 30
      user can't reset to password has age < 30 day + expiate

      other i thinks this configuration and USER_LOCKING_MAX_PASSWORD_AGE_DAY should move to Password Rules
      Carlos Ruiz wdyt?

        Attachments

          Issue links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                hieplq Hiep Lq
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: