List:General Discussion« Previous MessageNext Message »
From:Suresh Kuna Date:January 27 2010 10:09am
Subject:Re: Record old passwords ?
View as plain text  
Hi Tompkins,
Check the below URL, looks like useful for your project.

20) set_password('username','hostname','oldpassword','newpassword');
(version 0.1.1) (version 0.1.4 added oldpassword) -- Changes password for
any user (if current user is root), otherwise changes own password if
current user is not root. can change the password up to 11times in 1 day and
stores the last 5 passwords which were not changed for at least 24hrs. Does
not permit the new password to be the same as any of the old passwords.
Resets update count if more than 24hrs passed from last first update of the
day. Password must be longer than '10 characters (configurable amount
through sec_config.password_length)'. Complexity requirements are set on
sec_config:

   1. password_length_check
   2. password_dictionary_check
   3. password_lowercase_check
   4. password_uppercase_check
   5. password_number_check
   6. password_special_character_check
   7. password_username_check

Root user doesn't need to abide to the above password restrictions when
creating a new user since the latter will have to change the password and
set one of his own.

In order for a user to change one's old password, the user needs to supply
the old password apart from the new one as well.

For more details, check the below link

http://code.google.com/p/securich/wiki/Documentation

Thanks,
Suresh Kuna
MySQL DBA

On Fri, Jan 22, 2010 at 11:52 PM, Tompkins Neil <
neil.tompkins@stripped> wrote:

> Hi
>
> Thanks for all the responses.  In the end I opted for
> a separate UserPasswords table, which records all old passwords.  When a
> user changes their password, this table is checked.  NB All passwords are
> stored in SHA256.
>
> Thanks again for your advice.
>
> Regards
> Neil
>
> On Wed, Jan 20, 2010 at 12:08 PM, Jørn Dahl-Stamnes
> <sql06@stripped>wrote:
>
> > On Wednesday 20 January 2010 01:10, Daevid Vincent wrote:
> > > > -----Original Message-----
> > > > From: John Meyer [mailto:john.l.meyer@stripped]
> > > > Sent: Monday, January 18, 2010 5:04 PM
> > > > To: colin@stripped; mysql@stripped
> > > > Subject: Re: Record old passwords ?
> > > >
> > > > Although, on an OT, forcing people to not use a password that they
> > > > have recently used is a bad idea.  What they eventually do is go with
> > > > something like "hometown01" "hometown02", etc.  Or worse, they start
> > > > writing down their passwords which is a whole other security problem.
> > >
> > > Amen to that. At my work, they require a password change every month,
> but
> > > they store the last 6 passwords you used, so I do exactly what you say
> --
> > I
> > > have a logbook and store the same 6 passwords in it and just cycle
> them.
> > > Other "tricks" I do, is use a pattern on the keyboard and just shift
> it.
> > > None of this is secure, and I totally know it (although I'm not picking
> > > "secret" or something as my PW, it's random letters/numbers/symbols).
> But
> > I
> > > hate the policy and I'm kind of a rebel like that. ;-p
> >
> > Several years ago I worked at a place where users had to change their
> > windows
> > password every N month and they kept a long history log of used password.
> >
> > My solution to this was to write a program that asked me for my current
> > password and how many previous used password the system remembered. The
> > program worked like this:
> >
> > for (n = 0; no_of_stored_password > n; n++) {
> >  set_password(random_generated_password);
> >  do_a_short_sleep();
> > }
> > set_password(original_password);
> >
> > ... and the problem was solved :)
> >
> > --
> > Jørn Dahl-Stamnes
> > homepage: http://www.dahl-stamnes.net/dahls/
> >
> > --
> > MySQL General Mailing List
> > For list archives: http://lists.mysql.com/mysql
> > To unsubscribe:
> > http://lists.mysql.com/mysql?unsub=1
> >
> >
>



-- 
Thanks
Suresh Kuna
MySQL DBA

Thread
Record old passwords ?Tompkins Neil18 Jan
  • Re: Record old passwords ?SH18 Jan
  • Re: Record old passwords ?Carsten Pedersen18 Jan
  • Re: Record old passwords ?Colin Streicher19 Jan
    • Re: Record old passwords ?John Meyer19 Jan
      • RE: Record old passwords ?Daevid Vincent20 Jan
        • Re: Record old passwords ?Jørn Dahl-Stamnes20 Jan
          • Re: Record old passwords ?Tompkins Neil22 Jan
            • Re: Record old passwords ?Suresh Kuna27 Jan
    • Re: Record old passwords ?Carlos Proal19 Jan
      • Re: Record old passwords ?Tompkins Neil19 Jan
        • Re: Record old passwords ?Tompkins Neil19 Jan
          • Re: Record old passwords ?Mark Goodge19 Jan
            • Re: Record old passwords ?John Meyer21 Jan
              • RE: Record old passwords ?Jerry Schwartz21 Jan
          • Re: Record old passwords ?Lucio Chiappetti21 Jan
            • Re: Record old passwords ?Mark Goodge21 Jan
        • Re: Record old passwords ?Mark Goodge19 Jan
Re: Record old passwords ?Tompkins Neil19 Jan