Hi,
I would like to come back to an old feature request:
Are there any news on this? Unfortunately, I can not use LDAP in this use case.
In the past the Webportal user was able to change the password in the webportal to a really low security password like “x”. Is there an option nowadays to define a minimal requirement, like special characters or numbers and a minimum password length?
THX
Lars
Hi, I would also put a +1 to this request.
We have the same requirement - that there is no password requirements for the users (as far as I know)
Would be glad if there is some solution in the system
Hi @laval ,
Thank you for this inquiry. We currently have a ticket open to implement this, but we do not have a time table for when to expect this feature. Please refer to [SRV-1921] when checking our change log for any updates on this ticket.
Thanks,
Zack
Hi @ztrubow ,
is there any update on this topic? I would be glad if the next KNIME server version in winter would finally fix that problem.
Best,
Lars
Hi @ztrubow,
I also would be interessted in any update on this issue.
Or at least a somewhat viable workaround.
Unfortunately we still do not have a time table for this, but the ticket is still open and I have asked for an update. I will post back here when we have a better idea of when this will be implemented. Thank you for your patience!
Hi @laval and @AnotherFraudUser
Just in addition to the feature request, I would just like to remind you that (in case you have a KNIME Server Large license) you can integrate with LDAP/OAuth, which will make managing users and passwords easier.
Cheers
Ana
Hi @ana_ved, thanks a lot for this hint, but as I pointed out when I started the topic, I can not use LDAP on my external KNIME server large and therefore this is a huge security issue for us and I assume this is valid for others too.
First time I mentioned this officially in the KNME forum was in Feb 2020 here Assure security via password rules in Webportal and I really hope that this issue will finally receive highest priority.
Best,
Lars
Makes total sense @laval . Sorry if I sounded a bit out of touch. The feature request is definitely valid. Just for AnotherFraudUser or any other user reading this post that might have not known about the integration – sometimes it happens…
Best wishes
Ana
Hi @ana_ved,
thanks for the info.
But I already know about the LDAP option for KNIME Server Large - (we only have a small licence).
However LDAP would be the only feature we would be interessted here… hard to argue internaly to spend money on a large licence for only this one feature (more likely that we would change to Rapidminer at that point to be honest)
But I have to say - I find it somewhat rediculous that this is still not fixed…
At least my Security Departement is really not happy about this, not quite sure how other small/medium licence customers can sell this issue to their department 
Hi @laval , @AnotherFraudUser ,
Just quickly wanted to check what your exact requirements are: Is it enough if we only introduce a configurable minimum password length, or would you need additional restrictions such as enforcing/disallowing special characters as well? In case you need additional restrictions, what exactly should they be?
Cheers,
Roland
Hi @RolandBurger ,
in my case the password standard requires a password to be at least 12 characters long.
Further the password need at least:
-1 uppercase character
-1 lowercase character
-1 number
-1 special character
But the length is the most important one from these points. (so i would rather get this sooner, then waiting for the minimum password strength)
And just to be complete - normally we would need a password to expire after x-months (but this can be already achieved throuh a workaround)
*a suitable workaround at least for me would also be, if there would be a possibility to set the password checking script similiar to the webportal page layout (e.g. insert a javascript with access to the change password screen)…if something like this would be easier to implement.
While actual server side requirements would be way better 
Thanks for the input, we’ll keep you posted once there is progress!
Hi @RolandBurger,
thanks for joining the topic. Our requirement is following the BSI rules BSI - Sichere Passwörter erstellen
I would expect a password length to be defined by the admin (for example 10) and a mix of at least:
-1 uppercase character
-1 lowercase character
-1 number
-1 special character
I copied that from @AnotherFraudUser .-)
My problem here is the requirement of the Security Department (ISB) too and the need to switch the server off if there no solution available soon.
THX,
Lars
Hi @laval,
my last info was that it will come in the upcoming release.
Hopefully @RolandBurger can confirm that
that would be great! Fingers crossed that Roland will confirm that
Kind regards,
Lars
Hi guys,
Yes, that is still the plan. We are actually working on it right now
Cheers,
Roland
Hi guys,
with the most recent release of the server, we now also support minimum password requirements for our user database. Check it out here: KNIME Server Release Notes and Update Guide
I will suggest to wait until the first bugfix release to do your server update.
Best wishes
Ana
@ana_ved @RolandBurger Thanks a lot for including that feature!!! I just installed the new KNIME Server version 4.14.1 and it seems to work as expected 
That you furthermore included the password requirement hint for those users changing their password in the Webportal is very user friendly!
I am relieved and our Security Department should not complain anymore! 
Best wishes
Lars