Skip to main content

​ 

Hello,

I have a question regarding password security and maximum length for login to the Assyst Portal (AssystWEB). 

In today’s landscape longer passwords are a must to comply with security best practices and guidelines. Our company policy dictates a minimum character length for passwords that are not to be regularly changed.

However, we have some issues in this area where login to the application using the GUI is needed, but users have passwords that are longer than 30 characters and this causes conflict with the maxlength. 

This current maxlength impacts authentication where login is prompted Database or using LDAP as the Server Security Mapping for assystWeb.


Is there a reason as to why the Assyst Portal password field has a maxlength set to 30 on the login page?

assystweb Password field maxlength="30"

Is it possible to modify the .ear or .war files to increase this value to allow AD serviceusers, and assyst global users (such as ZZGLOBAL, ZZENG etc.) to login to the application even if they have a DB or AD login password that is longer than 60-70 characters?

 

I look forward to hearing from you

 

Kind regards,

Richard

Hello Richard,


The password field has an attribute maxlength="30" which means only the first 30 characters 
will be accepted in the login form.

Hence, if the password is 60 characters, then the system will only be using the first 30, and so the user will fail to login.

there is a limitation on assystweb

 

self-service portal also same
https://wiki.axiossystems.com/assyst11-8Wiki/index.php/Contact_User_Form

Password

This field defines a password for a Contact User to use in order to access Self-Service Portal. This password works in combination with the User Alias defined below.

The format, and constraints of the password will depend on the database which assyst is operating with. However it is best to assume that the Password will be case sensitive.

The password can have a maximum of 30 characters and is encrypted in the database using a 128 Bit MD5 hashing algorithm.

 

Best Regards,

Oshadi

Reply


Terms & ConditionsCookie settings