Enhance OpenVPMS login security

Donate to this project

Development Project Status: Under Discussion

Due date for completion of this stage: 
03/04/2013

This project will improve login security by:

  • requiring passwords to meet a minimum strength (e.g minimum length, no dictionary words, mixture of upper and lowercase, inclusion of non-alpha characters)
  • reject login attempts if an incorrect password is submitted too many times
  • support password resets via email
  • allow users to change their passwords rather than requiring it be done by an administrator

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Re: Enhance OpenVPMS login security

Hi, it's a great idea to integrate auto-logout function to prevent people using someone else's login. Although I think all the above five points should be optional function which the administrator can choose whether or not to utilise to suit their clinic's needs.

Kind regards,

Anthony (ActiVet)

Kind regards,

Anthony (ActiVet)

Re: Enhance OpenVPMS login security

Hi Can we please split these projects into

1) Login Security

2) Auto-logout Feature

In terms of project security my feeling is that the proposal is a bit much for what most practices need and will use.

I would suggest a simpler system (and cheaper?) that would still provide adequate password security would be:

- Minimum strength requirement (minimum length)

- Force reset periodically (i.e. must change password once a month)

 - Allow users to change own passwords

Other people please let me know if I am mistaken.

Re: Enhance OpenVPMS login security

I've moved auto-logout to http://www.openvpms.org/project/auto-logout

I'll wait for more feedback on the other requirements.

Regards,

-Tim

Re: Enhance OpenVPMS login security

Tim:

The batch of features presented by Eastside seems like a very logical addition to the auto logout upgrade already in place. If we can get this priced out, I will propose to Benjamin that we pledge a portion of the funds needed.

Alan

Re: Enhance OpenVPMS login security

This project may have stagnated but I would like to add ; if the above is going to be implemented

add password hashing before storage.  (ie dont store plain text passwords.)

Regards
 
Ben 
OpenVPMS Installer and Helper 
Ph: +61423044823 
Email: benjicharlton[at]gmail[dot]com

Re: Enhance OpenVPMS login security

Yes. Also should encrypt mail server and ESCI passwords.

Syndicate content