expire user password
53 views
Skip to first unread message
黄祥
Jun 28, 2015, 3:58:46 PM6/28/15
to web...@googlegroups.com
hi,
just wondering is it possible to have expire password in web2py application? perhaps something like the most os have (windows, linux) that have an option to set the user password is expired let say in 90 days, or 30 days.
thanks and best regards,
stifan
just wondering is it possible to have expire password in web2py application? perhaps something like the most os have (windows, linux) that have an option to set the user password is expired let say in 90 days, or 30 days.
thanks and best regards,
stifan
Massimo Di Pierro
Jun 28, 2015, 5:50:03 PM6/28/15
to web...@googlegroups.com, steve.van...@gmail.com
There is no built-in mechanism since we do not store the time when a password changes but you can do it in this way:
auth.settings.extra_fields['auth_user'] = [Field('password_charged_on','datetime',compute=lambda row: row.password and request.now, writable=False)]
if auth.user and auth.user.password_charged_on + datetime.timedelta(days=30)<request.now: redirect(URL('some_error_page'))
黄祥
Jun 30, 2015, 10:07:26 PM6/30/15
to web...@googlegroups.com, steve.van...@gmail.com
i'll try, thank you so much, massimo.
Leonel Câmara
Jul 2, 2015, 7:51:49 PM7/2/15
to web...@googlegroups.com
I would recommend against this. Passwords expiring is seriously annoying and the security benefits are questionable to say the least. Just demand better passwords and lock users after a few tries if you need more security.
黄祥
Jul 3, 2015, 8:14:43 AM7/3/15
to web...@googlegroups.com
thanks leonel for your recommendation, i'll look forward about lock user after a few input (wrong password) tried.
Reply all
Reply to author
Forward
0 new messages