dhis2-devs team mailing list archive
Message #26435
Re: Expired password
Hi Andrew,
thanks for your input.
On Mon, Dec 2, 2013 at 11:35 AM, Muhire Andrew <muhireandrew@xxxxxxxxx> wrote:
> Hi all,
>
> Here are my inputs to DHIS2, maybe for future releases:
>
> - To keep people from maybe misusing it, and to avoid the risk of username
> and password caching in their browser's memory, it would be better if we made
> this optional when setting passwords, like a password set to expire on date
> xx/xx/xxxx. This is important because some users request usernames and
> passwords only for research purposes in a given period, e.g. only 3 months;
> here the system would be able to automatically block him/her from logging in.
> For facility users, it would be better to have a specific period, with all of
> them alerted by email and forced to change the password. (Note that this is
> optional.)
>
>
This is a sensible request, and is in fact already planned for 2.14:
https://blueprints.launchpad.net/dhis2/+spec/password-change
> - Another part is if someone tries and fails to log in several times, e.g. 6
> or more times, the system automatically blocks that person and sends a
> message to the administrator for him to check if it's not an intruder.
>
>
This I am less sure about - the problem is that it will be very simple for an
attacker to jam the system by constantly posting login attempts to an
instance, thereby triggering the auto-locking and preventing anyone from
logging in. Must think a bit more on this one.
cheers
Lars
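
An added example, not part of the original thread and not DHIS2 code: a small replay of the lockout rule proposed above (block after 6 failures, notify the administrator), showing the availability problem raised in the reply and how the choice of counter key changes it. The class and function names, the 15-minute window and the sample events are assumptions made for this illustration.

```python
from collections import defaultdict

class FailureTracker:
    """Counts failed logins per key in a sliding window; blocks at the limit."""
    def __init__(self, limit=6, window=900):
        self.limit, self.window = limit, window
        self.failures = defaultdict(list)      # key -> failure timestamps

    def blocked(self, key, now):
        recent = [t for t in self.failures[key] if now - t < self.window]
        self.failures[key] = recent            # drop expired failures
        return len(recent) >= self.limit

    def record_failure(self, key, now):
        self.failures[key].append(now)
        return len(self.failures[key]) == self.limit   # True when block starts

def simulate(key_fn, events, limit=6):
    """Replay (time, user, source, password_ok) events.
    Returns (outcomes, admin_alerts)."""
    tracker, outcomes, alerts = FailureTracker(limit=limit), [], []
    for now, user, source, ok in events:
        key = key_fn(user, source)
        if tracker.blocked(key, now):
            outcomes.append((user, source, "blocked"))
        elif ok:
            outcomes.append((user, source, "login"))
        else:
            if tracker.record_failure(key, now):
                alerts.append(key)             # message for the administrator
            outcomes.append((user, source, "failed"))
    return outcomes, alerts

# Constructed sample data: six wrong passwords for "clerk" from one address,
# then the real clerk logs in with the right password from another address.
EVENTS = [(t, "clerk", "203.0.113.9", False) for t in range(6)]
EVENTS.append((10, "clerk", "198.51.100.4", True))

def per_account(user, source):                 # counter keyed on username only
    return user

def per_account_and_source(user, source):      # counter keyed on username + source
    return (user, source)

def last_outcome(key_fn):
    return simulate(key_fn, EVENTS)[0][-1][2]

if __name__ == "__main__":
    print("per-account lock:         ", last_outcome(per_account))
    print("per-account+source block: ", last_outcome(per_account_and_source))
```

Keying on the source as well keeps the legitimate user able to log in and still raises the administrator alert, but it does not count failures spread across many source addresses, so it is a trade-off rather than a full replacement for the per-account rule.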