Trace:
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
jvx:server:security:password_policy [2018/02/02 12:47] admin |
jvx:server:security:password_policy [2020/06/25 10:54] (current) cduncan |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ~~Title: Password policy integration~~ | + | ~~Title: Password Policy Integration~~ |
| - | Applications, especially web applications, require secure passwords. However, users tend to select passwords that are easy to remember. Therefore the responsibility for chosing a secure password can not be left to the user. The application has to provide certain policies. | + | Applications, especially web applications, require secure passwords. However, users tend to select passwords that are easy to remember. Therefore, the responsibility for choosing a secure password cannot be left to the user. The application has to provide certain policies. |
| - | This is what the IPasswordValidator interface is for in JVx. It allows the creation of security policies for password. | + | This is what the IPasswordValidator interface is for in JVx. It allows for the creation of security policies for password. |
| JVx provides a default implementation: DefaultPasswordValidator. The following policies are supported: | JVx provides a default implementation: DefaultPasswordValidator. The following policies are supported: | ||
| Line 14: | Line 14: | ||
| * The username cannot be the password | * The username cannot be the password | ||
| - | Password validation has to be configured since by default the system only verifies if the password contains at least one character. | + | Password validation has to be configured as, by default, the system only verifies if the password contains at least one character. |
| The configuration is done in config.xml of the application: | The configuration is done in config.xml of the application: | ||