Enforcing password policy cannot be done 100%?

Enforcing password policy cannot be done 100%?


We are creating an application in the cloud.
We want to enforce password-policy (min length for example).
We can change the change-password in our own espaces, but we cannot change the Users-espace.

So no matter what we do, there is always one way to change a password with our own policy.
We cannot delete the users-espace as well, because then, well, we have even more challenges to overcome.

How can we overcome this problem?
Can we clone the Users, then delete the original and change the cloned one to enforce the policy?
(I doubt that, since with every upgrade we get the users-espace back? )

Hi Joost,

Your best choice is to clone the Users eSpace and then use that as your user provider. Don't delete the original. Users eSpace is a wrapper over the system entities, use its clone to make what you want, access the User table directly and change the password.

From what I've read, you could customize Users eSpace in the past, but since version 8 you have to clone it. As you know, this means any improvements or bugfixes will not be immediately available in your custom user provider.

That being said... Do you really need to clone it? Why not invoke each Users eSpace function with a wrapper function (MyCreateUser invokes CreateUser) and within your functions add whatever you need?
Imho, having my own custom user provider would be a last resort.
Hi Joost,

The Users has a site property to disable the access to screens: "AllowWebAccess".
You can change it in Service Center by going to Factory->eSpaces->Users->Tenants->Users (Default Tenant)->AllowWebAccess

João Rosado
Hi João,

That way, we just hide Users eSpace, but keep its functionality available, right?

Ah, awesome.

@Tiago, yes we can clone it, whatever, but we still could access Users directly (if someone screws up horribly)
but with the site-property we can disable it directly, which makes my life easier :)

nice to know.