Password regulation / maintaining

We are now using Attain 3.60, no SQL-Database. I am looking for any hint to force the user in Navision to change their password every 90 days, and also to check if the password is trivialpassword or not. Or someway that Admin can maintain the password regulation… Does anyone here have any idea? Sorry for my poor englisch. Best regards Rizal

I don’t know about any “standard” solutions to this, but it should not be too difficult to implement this yourself. You could add a date field to the user table: “Password last changed on”. In CU1, upon login, you can then check if 90 days have passed since the user last changed his password and display a message that a change is due. Checking the password could be done in the OnValidate trigger of the user table, where you can also set the new field mentioned above. Just a few ideas, disclaimer applies [;)]

Hi Rizal You can use the Windows Unified Login in Attain. If you don’t want to do this it is possible to write your own password checking functionality. I have done this for Navision versions from 2.00 to 3.60 and it works ok. Regards David

Thank you all for your reply. xorp, I’ve got it. No disclamair.[:)] How about to check the password’s length. Any idea [?] I don’t mean by new password, but to check the length from which already saved in the Table User. David, which funktion do you have to check. Can u please give some clue? Best regards Rizal

Rizal, the stored password is encrypted and can not be decrypted again (well, at least that’s how it’s designed to be [;)]). So there is no way to determine the length of the stored password directly. You could store the length of the new password in an additional field for later use, but this could compromise system security. An intruder could start targeting the shortest passwords with a brute-force approach, instead of wasting his time on the longer ones.

Thanks for your advise, Heinz Herbeck.