Question

I want to apply the password policy that is defined through System security in a microflow before committing an object, how can that be done?

1

I have an entity that is no account object and has a password as attribute. Of course I can implement this check myself, but I prefer to retrieve the policy runtime. So that if ever I decide to change the policy, no change in the modeler is required.

asked 2017-02-02

Yvonne Kleefkens

2 answers

Chris de Gelder · Answer 1 · 2017-02-02

I you define a built-in Mendix system security it will be applied automatically. However you can leave that security and disable it by setting every 0 and false and create a security-object yourself with the settings like length, capitals, etc. Check that rules in the microflow: Administration.ChangePassword and return a validation message if the rules are broken.

To prevent re-use of already used passwords store a hash in a PasswordHash entity and compare the hash of the new password with the passPasswordHashes, if equal reject this new password. Never store a password in the database.

John Cornegge · Answer 2 · 2017-02-02

Hi Yvonne,

You are not able to retrieve the password policy at runtime so you would have to implement this check yourself as you suggested.
A regular expression stored in a Constant which you can use to match a given password with could be an option.

https://docs.mendix.com/refguide6/regular-expressions

If you want to change the policy, you would have to update the modeler regardless. You would need to apply that change to your regular expression as well.

Cheers,