how to define minimal requirement for webportal password

Hi,

I would like to come back to an old feature request:

Is there any news on this? Unfortunately, I cannot use LDAP in this use case.

In the past the Webportal user was able to change the password in the webportal to a really low security password like “x”. Is there an option nowadays to define a minimal requirement, like special characters or numbers and a minimum password length?

THX
Lars

1 Like

Hi, I would also put a +1 to this request.
We have the same requirement - that there are no password requirements for the users (as far as I know).
Would be glad if there is some solution in the system.

1 Like

Hi @laval ,

Thank you for this inquiry. We currently have a ticket open to implement this, but we do not have a time table for when to expect this feature. Please refer to [SRV-1921] when checking our change log for any updates on this ticket.

Thanks,
Zack

2 Likes

Hi @ztrubow ,

is there any update on this topic? I would be glad if the next KNIME server version in winter would finally fix that problem.

Best,
Lars

2 Likes

Hi @ztrubow,

I also would be interested in any update on this issue.
Or at least a somewhat viable workaround.

2 Likes

Unfortunately we still do not have a time table for this, but the ticket is still open and I have asked for an update. I will post back here when we have a better idea of when this will be implemented. Thank you for your patience!

Hi @laval and @AnotherFraudUser

Just in addition to the feature request, I would just like to remind you that (in case you have a KNIME Server Large license) you can integrate with LDAP/OAuth, which will make managing users and passwords easier.

Cheers
Ana

Hi @ana_ved, thanks a lot for this hint, but as I pointed out when I started the topic, I cannot use LDAP on my external KNIME server large and therefore this is a huge security issue for us and I assume this is valid for others too.
The first time I mentioned this officially in the KNIME forum was in Feb 2020 here, "Assure security via password rules in Webportal", and I really hope that this issue will finally receive highest priority.

Best,
Lars

3 Likes

Makes total sense @laval . Sorry if I sounded a bit out of touch. The feature request is definitely valid. Just for AnotherFraudUser or any other user reading this post that might have not known about the integration – sometimes it happens…

Best wishes
Ana

1 Like

Hi @ana_ved,

thanks for the info.
But I already know about the LDAP option for KNIME Server Large - (we only have a small licence).
However, LDAP would be the only feature we would be interested in here… hard to argue internally to spend money on a large licence for only this one feature (more likely that we would change to Rapidminer at that point to be honest)

But I have to say - I find it somewhat ridiculous that this is still not fixed…:see_no_evil:
At least my Security Department is really not happy about this, not quite sure how other small/medium licence customers can sell this issue to their department :sob:

1 Like

Hi @laval , @AnotherFraudUser ,

Just quickly wanted to check what your exact requirements are: Is it enough if we only introduce a configurable minimum password length, or would you need additional restrictions such as enforcing/disallowing special characters as well? In case you need additional restrictions, what exactly should they be?

Cheers,
Roland

1 Like

Hi @RolandBurger ,

in my case the password standard requires a password to be at least 12 characters long.

Further, the password needs at least:
- 1 uppercase character
- 1 lowercase character
- 1 number
- 1 special character

But the length is the most important one of these points (so I would rather get this sooner than wait for the minimum password strength).
And just to be complete - normally we would need a password to expire after x months (but this can already be achieved through a workaround)

*A suitable workaround, at least for me, would also be if there were a possibility to set the password checking script similar to the webportal page layout (e.g. insert a javascript with access to the change password screen)… if something like this would be easier to implement.
While actual server side requirements would be way better :slight_smile:

1 Like

Thanks for the input, we’ll keep you posted once there is progress! :slight_smile:

1 Like

Hi @RolandBurger,

thanks for joining the topic. Our requirement is following the BSI rules: "BSI - Sichere Passwörter erstellen"

I would expect a password length to be defined by the admin (for example 10) and a mix of at least:
- 1 uppercase character
- 1 lowercase character
- 1 number
- 1 special character

I copied that from @AnotherFraudUser .-)

My problem here is the requirement of the Security Department (ISB) too and the need to switch the server off if there is no solution available soon.

THX,
Lars

1 Like
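
The rules requested in the two posts above (an admin-defined minimum length plus at least one uppercase, lowercase, number and special character), written out as an added example that is not part of the original thread and is not KNIME code; `DEFAULT_POLICY`, `checkPassword` and the rule names are hypothetical. It returns the violated rules, so the same check can be enforced on the server and mirrored in a client-side script for user feedback only.

```javascript
// Added example: configurable password policy check (hypothetical names, not a KNIME API).
// Defaults follow the 12-character rule from the thread; an admin can override any field.
const DEFAULT_POLICY = Object.freeze({
  minLength: 12,
  requireUpper: true,
  requireLower: true,
  requireDigit: true,
  requireSpecial: true,
});

// Returns the list of violated rules; an empty list means the password is accepted.
function checkPassword(password, policy = DEFAULT_POLICY) {
  if (typeof password !== "string") return ["not-a-string"];

  // Normalize, then split into code points so that one emoji or other
  // astral character counts as a single character toward the length.
  const chars = Array.from(password.normalize("NFC"));
  const has = (re) => chars.some((c) => re.test(c));
  const violations = [];

  if (chars.length < policy.minLength) violations.push("min-length");
  if (policy.requireUpper && !has(/\p{Lu}/u)) violations.push("uppercase");
  if (policy.requireLower && !has(/\p{Ll}/u)) violations.push("lowercase");
  if (policy.requireDigit && !has(/\p{Nd}/u)) violations.push("digit");
  // Assumption: "special" means anything that is not a letter, number or whitespace.
  if (policy.requireSpecial && !has(/[^\p{L}\p{N}\s]/u)) violations.push("special");

  return violations;
}

// Constructed sample inputs, including the one-character password from the first post.
const adminPolicy = { ...DEFAULT_POLICY, minLength: 10 }; // admin-defined length
for (const [pw, pol] of [["x", DEFAULT_POLICY], ["Abcdefg1!x", adminPolicy]]) {
  const v = checkPassword(pw, pol);
  console.log(JSON.stringify(pw), v.length ? "rejected: " + v.join(", ") : "accepted");
}
```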

Hi @RolandBurger,

is there any update on this feature request?

Kind regards,
Lars

1 Like

Hi @laval,

my last info was that it will come in the upcoming release.
Hopefully @RolandBurger can confirm that :see_no_evil:

1 Like

Hi @AnotherFraudUser,

that would be great! Fingers crossed that Roland will confirm that :slight_smile:

Kind regards,
Lars

1 Like

Hi guys,

Yes, that is still the plan. We are actually working on it right now :slight_smile:

Cheers,
Roland

4 Likes