I would like to come back to an old feature request:
Is there any news on this? Unfortunately, I cannot use LDAP in this use case.
In the past the Webportal user was able to change the password in the webportal to a really low security password like “x”. Is there an option nowadays to define a minimal requirement, like special characters or numbers and a minimum password length?
Hi, I would also put a +1 to this request.
We have the same requirement - that there are no password requirements for the users (as far as I know).
Would be glad if there is some solution in the system.
Thank you for this inquiry. We currently have a ticket open to implement this, but we do not have a time table for when to expect this feature. Please refer to [SRV-1921] when checking our change log for any updates on this ticket.
Unfortunately we still do not have a time table for this, but the ticket is still open and I have asked for an update. I will post back here when we have a better idea of when this will be implemented. Thank you for your patience!
Just in addition to the feature request, I would just like to remind you that (in case you have a KNIME Server Large license) you can integrate with LDAP/OAuth, which will make managing users and passwords easier.
Hi @ana_ved, thanks a lot for this hint, but as I pointed out when I started the topic, I cannot use LDAP on my external KNIME Server Large and therefore this is a huge security issue for us and I assume this is valid for others too.
The first time I mentioned this officially in the KNIME forum was in Feb 2020 here: "Assure security via password rules in Webportal", and I really hope that this issue will finally receive highest priority.
Makes total sense @laval. Sorry if I sounded a bit out of touch. The feature request is definitely valid. Just for AnotherFraudUser or any other user reading this post that might not have known about the integration – sometimes it happens…
Thanks for the info.
But I already know about the LDAP option for KNIME Server Large - (we only have a small licence).
However, LDAP would be the only feature we would be interested in here… hard to argue internally to spend money on a large licence for only this one feature (more likely that we would change to RapidMiner at that point, to be honest).
But I have to say - I find it somewhat ridiculous that this is still not fixed…
At least my Security Department is really not happy about this, not quite sure how other small/medium licence customers can sell this issue to their department.
Just quickly wanted to check what your exact requirements are: Is it enough if we only introduce a configurable minimum password length, or would you need additional restrictions such as enforcing/disallowing special characters as well? In case you need additional restrictions, what exactly should they be?
In my case the password standard requires a password to be at least 12 characters long.
Further, the password needs at least:
- 1 uppercase character
- 1 lowercase character
- 1 number
- 1 special character
But the length is the most important one of these points (so I would rather get this sooner than wait for the minimum password strength).
And just to be complete - normally we would need a password to expire after x months (but this can already be achieved through a workaround).
*A suitable workaround, at least for me, would also be if there were a possibility to set the password-checking script similar to the webportal page layout (e.g. insert a JavaScript with access to the change password screen)… if something like this would be easier to implement.
While actual server-side requirements would be way better.
I would expect a password length to be defined by the admin (for example 10) and a mix of at least:
- 1 uppercase character
- 1 lowercase character
- 1 number
- 1 special character
I copied that from @AnotherFraudUser .-)
My problem here is the requirement of the Security Department (ISB) too and the need to switch the server off if there is no solution available soon.
With the most recent release of the server, we now also support minimum password requirements for our user database. Check it out here: KNIME Server Release Notes and Update Guide
I would suggest waiting until the first bugfix release to do your server update.