Security Password Change - Forum - Rollbase - Progress Community

Security Password Change


Security Password Change

  • Many companies are getting tight on information security. One of the common rules implemented is that access to an application gets inactive when a user doesn't changed his password after 'X' number of days - grace period. This translates to the employee not being able to access the application, he has to go to the administrator to have his access reactivated. I also notice that several applications out there has this setup: the system generates a reminder email (around 1-3 times) which is sent to the user informing him to change his password a few days before his access expires. Once the expiry date comes and the password was not reset, the system automatically inactivates his access. In the event the user changes his password, his expiry date resets based on the grace period defined. To be compliant with this growing needs for information security, does Rollbase have the provision for the following: 1. Define the number of days before access expires (from last password change) 2. Define content o
  • Currently Rollbase does not provide this feature, but we can add this in the future if customers demand it. You can find out more about Rollbase security in Chapter 11 of our documentation.
  • I'm working on app for a client now and they have a requirement. As a workaround (while this feature is not yet part of RB), can I do the following?
    1. Create a field and update this every time the password changes?
    2. Create a field that calculates X number of days from the last password change - expiry date ?
    3. Run a recurring trigger every 1 day to see if any of the users has an expiry date within X number of days, and send an email
    4. Run a recurring trigger every 1 day to see if any of the users passed the expiry date, and set the Role to No Access.

    Wanted to confirm if solution is OK for now and that it doesn't violate any of the models to which RB platform is developed.

    Thank you.
  • I would wait for solution built in Rollbase. This issue got on my short list.
  • Hi Pavel, do we have any timeline when this will be implemented in RB?
  • I would say 1 or 2 weeks.
  • The feature and documentation will be deployed tonight.