Solved: Re: Can I restrict user password or give a warning... - Qlik Community

uacg0009 · ‎2017-03-26

Hi all,

For security, our company want me to set a warning for every user who needs to change their password every 30 days, and also want to restrict their password, like must more than 6 bit or must start with a capital word something like that.

I don't know whether I can do that in Qlikview Server or using js, if can, how to do that?

Thanks.

Aiolos Zhao

Peter_Cammaert · ‎2017-03-28

No you cannot. But that is new information so my previous replies do not apply to your situation (it's always better to give those details from the start in your Original Post, makes discussions shorter and more to the point)

Custom directory operates its own list of user definitions which can only be managed from inside the QMC or from custom applications. You cannot mix Custom Directory with AD or any standard premission system like NTFS, simply because for example Custom Directory users do not exist in NTFS or AD. They only exist inside QlikView.

Actually, I think you answered your own question here (last sentence): Re: Can I restrict user password or give a warning for changing the password every 30 days?

You should indeed talk to your web developer. One big advantage of a system like Custom Directory is that you can extend it yourself. However, to do that you'll need someone with web programming experience, like you said yourself.

Custom Directory users are defined in an xml file called C:\ProgramData\QlikTech\DirectoryServiceConnector\CustomDirectoryData.xml. There is no tag that stores the timestamp of definition or last password change, but that can be compensated by either requesting password changes on a fixed date (for example, every first of the month) or by storing password expiry dates in a new xml file and letting the login page handle the data from these two.

Best,

Peter

View solution in original post

Anil_Babu_Samineni · ‎2017-03-26

Even Qlikview i also don't know. But by help of Javascript it is possible.

Can you start searching on JS Validation for form in html

Best Anil, When applicable please mark the correct/appropriate replies as "solution" (you can mark up to 3 "solutions". Please LIKE threads if the provided solution is helpful

uacg0009 · ‎2017-03-26

Thanks for reply, so do you mean I can change or add js script on login page?

Anil_Babu_Samineni · ‎2017-03-27

Would you mind, Can you share your login file and path where this situated in (please hide username)

And then Look Attachment

Best Anil, When applicable please mark the correct/appropriate replies as "solution" (you can mark up to 3 "solutions". Please LIKE threads if the provided solution is helpful

uacg0009 · ‎2017-03-27

Hi Anil,

Thank you so much for your script.

But I'm not familiar with the PHP, and don't know how to use it...

And the login file you mentioned, do you mean the session file of my qlikview server?

could you please give an example for that?

Thanks

Aiolos

Anil_Babu_Samineni · ‎2017-03-27

In fact, I am not familiar with Server end. I am fully into design anyway, for understand, I am expecting Access point custom Login.html page`(Figure it out, Usually they used as base the default "C:\Program Files\QlikView\Web" folder to create the folder for Login)

I am referring the same one.

Best Anil, When applicable please mark the correct/appropriate replies as "solution" (you can mark up to 3 "solutions". Please LIKE threads if the provided solution is helpful

jonathandienst · ‎2017-03-27

I assume you are using USERID/PASSWORD for opening QV documents. There is no support for password policy enforcement for the Qlikview USERID. This is only suitable for the most elementary security scenarios. You could possibly build your own policy enforcement outside of Qlikview, although the passwords will still go over the network in plain text.

Are your users on a Windows domain? You would be better off using NTNAME rather than UserID. Then you can enforce password policies through Active Directory and the passwords will not be visible anywhere and will not be sent in plain text over the network.

Logic will get you from a to b. Imagination will take you everywhere. - A Einstein

uacg0009 · ‎2017-03-27

Hi Jonathan,

Thanks for reply. I'm using the NTNAME to do the section access, but I'm using the Custom Directory, not AD.

And yes, we are on Windows domain.

So maybe I only can try to do it from outside, so do you mean I need to use js or web method to restrict it when I login?

Thanks

Aiolos

uacg0009 · ‎2017-03-27

Yes, actually I change the login.html, but only for the UI, like font color. But I don't know whether I can restrict the password when I do the login.

Anyway maybe I need to ask our web developer, thanks!

Peter_Cammaert · ‎2017-03-27

No

Typically you don't do this in QlikView or on the QlikView server or in JavaScript or wherever.

Since you are using AD to authenticate your users, you need to configure AD in such a way that

Passwords expire after a preset period of time, and Windows itself will inform your users when they try to log into the domain, that their password has expired and needs to be changed.
Group policies are configured to restrict the length, type and reuse of passwords according to you company policy.

You should talk to your SysAdmin about this.

Peter