Password Policy Management Implementation directly at Openedge Database Level - OpenEdge Database - Products Enhancements - Progress Community

 OpenEdge Database

What new features or enhancements could improve the OpenEdge Database? Use this challenge to let the OpenEdge team know what would make your life easier by reducing costs and increasing productivity!

Password Policy Management Implementation directly at Openedge Database Level

  • Under Review

In the context of different security audit point, the auditors are always pointing the following shortcoming :
"when accessing directly the Openedge database, a password is required to authenticate the user but no password policy applies (for example: password minimal lengths, password change date, password complexity, etc...)"

As security is more and more important , it would be nice to implement a password policy management  directly at openedge database level and not to delegate this security part to the application or LDAP ( Not always easy to implement)

  • The progress _User table already contains most fields required to implement this but as far as I know there currently is no supporting code.

  • Password management is outside the scope of OpenEdge, especially as there are many vendors who currently offer complete solutions. We advise using one of these vendors in conjunction with the OpenEdge Authentication Gateway (bundled with Progress Application Server for OpenEdge or available stand-alone) for comprehensive user authentication and access control to your OpenEdge environment.