Enhance Service Center Password Strength

Hi,

We have a new security policy which needs to implement validation check on password field where it must have at least 8 alphanumeric characters. If it does not fulfilled, it should show error message.


Is there a way to do this changes?

Hi Raymond,

That's not possible. Service Center is a standard tool, OutSystems would need to change the code to be able to do that. You can submit an Idea for this if you like.

Also note that you really shouldn't use Service Center for user management, but instead use LifeTime.

Correct me if I am wrong.


Understand all the user information (e.g. Name, Password) is store in ossys_user table.

Can we build a custom web application where i create password field and have validation on the custom screen.

Once it pass the validation, i will then save the updated password into ossys_user table?

Hi Raymond,

I'm not entirely sure whether you can do that for Service Center users. You definitely could for "normal" application users though.

Hi Raymond,

Maybe not the easiest way to solve it but you could implement a external users provider for lifetime, in which you have more options to validation user login.

https://success.outsystems.com/Documentation/11/Managing_the_Applications_Lifecycle/Secure_the_Applications/Use_an_External_Authentication_Provider

Regards,

Daniel

I think Kilian is right: I don't know of any possibility to do what you want.


It could be a good idea to make it possible to implement security policy in OS Service Center. 

If you post the idea, i will like it. ;)

Can i ask what is the difference between service center/lifetime user in the service studio versus the one i maintain in <domain>/users?


The user maintain in the different place doesn't save in the same system user table?

Service/center Lifetime user you need to login to Service Center, Life Time, Service Studio and Integration studio.

It is the account the developer uses on a daily based to develop applications.

<domain>/users are the user accounts that the people need to be able to login and use and OutSystems mobile or web application.

Apart from that you also have your OutSystems community account (to login on OutSystems.com for learn, forum, Forge, etc.)

We notice the user created in the <domain>/users doesnt appear or can be use in the service studio or lifetime. Is this the right behavior?