Skip to Content (Press Enter)
OutSystems.com
Personal Edition
Community
Support
Training
Training
Online Training
Developer Schools
Boot Camps
Certifications
Tech Talks
Documentation
Documentation
Overview
ODC
O11
Forums
Forge
Get Involved
Get Involved
Jobs
Ideas
Members
Mentorship
User Groups
Platform
Platform
ODC
O11
Search in OutSystems
Log in
Get Started
Back to Forums
J.
MVP
41
Views
4
Comments
Enforcing password policy cannot be done 100%?
Question
Users
Hi,
We are creating an application in the cloud.
We want to enforce password-policy (min length for example).
We can change the change-password in our own espaces, but we cannot change the Users-espace.
So no matter what we do, there is always one way to change a password with our own policy.
We cannot delete the users-espace as well, because then, well, we have even more challenges to overcome.
How can we overcome this problem?
Can we clone the Users, then delete the original and change the cloned one to enforce the policy?
(I doubt that, since with every upgrade we get the users-espace back? )
Tiago Neves
Hi Joost,
Your best choice is to clone the Users eSpace and then use that as your user provider. Don't delete the original. Users eSpace is a wrapper over the system entities, use its clone to make what you want, access the User table directly and change the password.
From what I've read, you could customize Users eSpace in the past, but since version 8 you have to clone it. As you know, this means any improvements or bugfixes will not be immediately available in your custom user provider.
That being said... Do you really need to clone it? Why not invoke each Users eSpace function with a wrapper function (MyCreateUser invokes CreateUser) and within your functions add whatever you need?
Imho, having my own custom user provider would be a last resort.
João Rosado
Staff
Hi Joost,
The Users has a site property to disable the access to screens: "AllowWebAccess".
You can change it in Service Center by going to Factory->eSpaces->Users->Tenants->Users (Default Tenant)->AllowWebAccess
Regards,
João Rosado
Tiago Neves
Hi João,
That way, we just hide Users eSpace, but keep its functionality available, right?
Cheers
J.
MVP
Ah, awesome.
@Tiago, yes we can clone it, whatever, but we still could access Users directly (if someone screws up horribly)
but with the site-property we can disable it directly, which makes my life easier :)
nice to know.
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting.
See the full guidelines
Loading...