I know that some of use have sometime used the forgot password feature in any website, So this is what I need to know:
- Any posibilities to create a feature like this within DOORS, in which the user click and an automatic email is received with the new temp password?
- Any posibilities to create it using an encrypted batch file to hide the username?
- Anyone knows how to prompt the Old password: New password: Confirm New password:
SystemAdmin - Fri Mar 25 13:55:53 EDT 2011
Re: How to create a Password Recovery Feature outside DOORS?
llandale - Fri Mar 25 15:24:49 EDT 2011
You could have some special DOORS user with a particular Email account that recieves failed login attempts. This user could somehow always be logged into some protected server with outlook running; where when it got such an email there is a rule taht fires off some VBA macro that determines if a reset is in order, and proceeds to write a DXL to do that in batch mode. I just gave Mathias indigestion, for reasons there are only 6 folks who know.
No, just lower your expectations. Folks who forget their DOORS password need a half day to get it reset manually.
- Louie
I was tempted to make the "silk purse/sow's ear" remark, but instead I'll go with the "Leapard and its spots" or the "Acorn and the tree" remark.
Re: How to create a Password Recovery Feature outside DOORS?
Mathias Mamsch - Fri Mar 25 17:15:55 EDT 2011
I guess it would make no sense to have an "I forgot my password" dialog in DOORS, because... well how did the guy get logged in? So no reason to reimplement the old password, new password, confirm password dialog, because ... well its already in DOORS and if you forgot your password you will not be able to call it.
And I would really advise you to NOT put some admin password in some encrypted batch file. Those files would need to call doors.exe with username and password in plaintext, and this will make revealing the user and password a piece of cake, no matter how hard you encrypt it.
And yes you can set the password of a user using:
setUser (find strUserName, password, strPassword)
when you are logged as Administrator or a user with manage user powers. At least I guess. Regards, Mathias
Mathias Mamsch, IT-QBase GmbH, Consultant for Requirement Engineering and D00RS
Re: How to create a Password Recovery Feature outside DOORS?
SystemAdmin - Mon Mar 28 07:03:54 EDT 2011
Mathias Mamsch - Fri Mar 25 17:15:55 EDT 2011
I guess it would make no sense to have an "I forgot my password" dialog in DOORS, because... well how did the guy get logged in? So no reason to reimplement the old password, new password, confirm password dialog, because ... well its already in DOORS and if you forgot your password you will not be able to call it.
And I would really advise you to NOT put some admin password in some encrypted batch file. Those files would need to call doors.exe with username and password in plaintext, and this will make revealing the user and password a piece of cake, no matter how hard you encrypt it.
And yes you can set the password of a user using:
setUser (find strUserName, password, strPassword)
when you are logged as Administrator or a user with manage user powers. At least I guess. Regards, Mathias
Mathias Mamsch, IT-QBase GmbH, Consultant for Requirement Engineering and D00RS
I currently have a way to reset the password with a temporary password, that is not really temporary because it can be used at any time, there is no way to reset the user's password and then when i log in a window prompts like when the first time you create a user.
Re: How to create a Password Recovery Feature outside DOORS?
Mathias Mamsch - Mon Mar 28 08:22:46 EDT 2011
SystemAdmin - Mon Mar 28 07:03:54 EDT 2011
What i'm trying to implement is a mechanism in which i don't need to send the user an email when they forgot their passwords.
I currently have a way to reset the password with a temporary password, that is not really temporary because it can be used at any time, there is no way to reset the user's password and then when i log in a window prompts like when the first time you create a user.
You can set a temporary password, and set the password expiry. Unfortunately the password expiry will stay, so the user must change his password every time he logs in ;-)
User u = find "GuyWhoForgotHisPassword" u.password = "newdummy" // sendMailToUser(u, "Your new password is: newdummy") // we dont want this: u.passwordLifetime = -1
So the problem would be there, how to reset the passwordLifetime once the user logged in ;-) So no good solution here... I think a good solution would be to assign a real strong random password to the user, and letting him know it. Then he will change the password just for the ease of login himself,if not he has a real strong password, which is good ...
What I don't get from your reply is, if you are satisfied with the answers you got, or if you need any more help? Why don't you want a solution which will send an email to the user with a new password? IT Policy? The problem is somehow you need to authenticate the user, when he lost his password. If you do not use his email, what do you want to use?
Regards, Mathias
Mathias Mamsch, IT-QBase GmbH, Consultant for Requirement Engineering and D00RS
Re: How to create a Password Recovery Feature outside DOORS?
SystemAdmin - Mon Mar 28 08:42:45 EDT 2011
Mathias Mamsch - Mon Mar 28 08:22:46 EDT 2011
You can set a temporary password, and set the password expiry. Unfortunately the password expiry will stay, so the user must change his password every time he logs in ;-)
User u = find "GuyWhoForgotHisPassword" u.password = "newdummy" // sendMailToUser(u, "Your new password is: newdummy") // we dont want this: u.passwordLifetime = -1
So the problem would be there, how to reset the passwordLifetime once the user logged in ;-) So no good solution here... I think a good solution would be to assign a real strong random password to the user, and letting him know it. Then he will change the password just for the ease of login himself,if not he has a real strong password, which is good ...
What I don't get from your reply is, if you are satisfied with the answers you got, or if you need any more help? Why don't you want a solution which will send an email to the user with a new password? IT Policy? The problem is somehow you need to authenticate the user, when he lost his password. If you do not use his email, what do you want to use?
Regards, Mathias
Mathias Mamsch, IT-QBase GmbH, Consultant for Requirement Engineering and D00RS
Now that i know that is so complicated I need to make sure to review the emails at least every hour.
Thanks a lot for all the information.
Re: How to create a Password Recovery Feature outside DOORS?
llandale - Mon Mar 28 14:44:53 EDT 2011
SystemAdmin - Mon Mar 28 08:42:45 EDT 2011
The reason of my questions is that sometimes I have a delay(1-4 hours), when answering emails to reset user's passwords. This is probably because I'm not at my desk or I am busy with some other stuff and I am not reading my email. Because of this I wanted to implement said mechanism to ensure the user can continue working avoiding the delay.
Now that i know that is so complicated I need to make sure to review the emails at least every hour.
Thanks a lot for all the information.
I found no way to clear the "user has indeed ever logged in" boolean part of the user properties. But then, why should the admins care if the user continues to use her random "temporary" password?
I think you need to let this one go.
- Louie
Re: How to create a Password Recovery Feature outside DOORS?
SystemAdmin - Mon Mar 28 15:23:05 EDT 2011
llandale - Mon Mar 28 14:44:53 EDT 2011
You could monkey with the login screen to detect a password reset request figuring to send that password via auto-email, the problem would be how to get that new random password into the database considering the fact that <1> nobody is logged in, and <2> changing passwords requires DOORS admin rights. I suppose you could get VERY elaborate and install some clever DOORS client running on the Server and figure out how to contact it from the DOORS login screen. Yuuuuck.
I found no way to clear the "user has indeed ever logged in" boolean part of the user properties. But then, why should the admins care if the user continues to use her random "temporary" password?
I think you need to let this one go.
- Louie
Thanks for all the information.
Have a great one!
Re: How to create a Password Recovery Feature outside DOORS?
llandale - Mon Mar 28 17:03:37 EDT 2011
SystemAdmin - Mon Mar 28 15:23:05 EDT 2011
I will let this one go. I think the current program I have is ok, i just need to remind my self every x amount of minutes to check for password reset requests.
Thanks for all the information.
Have a great one!
Communicator is perfect for short deal-with-now messages like this.
- Louie
Re: How to create a Password Recovery Feature outside DOORS?
Jean-MarcJoncour - Fri Apr 22 06:06:16 EDT 2011
llandale - Mon Mar 28 17:03:37 EDT 2011
Outlook will let you create a rule to do something when (perhaps) the subject of an arriving Email contains "Reset".
Communicator is perfect for short deal-with-now messages like this.
- Louie
- A web form written in PHP can be used by any Doors user to submit a Doors psw change request (admins accounts are excluded). User has to authenticate first before submitting the form, Users information is retrieved from Corporate directory services database. Output is a text file
- Another script written in PERL running on a Windows machine checks on a regular basis if above output file exists. If it does, a random password is being generated using some letters taken from the user name + a random number .
- A DXL script is being generated based on above data and then executed automatically.
- Finally a nice HTML email is being sent to the end user to inform him about the new password + some support type information.
There is also another process (semi-manual by now) looking for several consecutive "User authentication failure" emails which sends an e-mail to the Doors end-user with the URL of the 'Doors Password reset' web form.
I've included some screenshots.
Hope this helps.
Attachments
attachment_14609480_doors_psw_reset_screenshots.pdf
Re: How to create a Password Recovery Feature outside DOORS?
llandale - Mon Apr 25 11:22:07 EDT 2011
Jean-MarcJoncour - Fri Apr 22 06:06:16 EDT 2011
Here below is the automated process I've setup.
- A web form written in PHP can be used by any Doors user to submit a Doors psw change request (admins accounts are excluded). User has to authenticate first before submitting the form, Users information is retrieved from Corporate directory services database. Output is a text file
- Another script written in PERL running on a Windows machine checks on a regular basis if above output file exists. If it does, a random password is being generated using some letters taken from the user name + a random number .
- A DXL script is being generated based on above data and then executed automatically.
- Finally a nice HTML email is being sent to the end user to inform him about the new password + some support type information.
There is also another process (semi-manual by now) looking for several consecutive "User authentication failure" emails which sends an e-mail to the Doors end-user with the URL of the 'Doors Password reset' web form.
I've included some screenshots.
Hope this helps.
Re: How to create a Password Recovery Feature outside DOORS?
softwear - Wed Dec 20 02:59:48 EST 2017
llandale - Mon Apr 25 11:22:07 EDT 2011
So the DXL script runs in batch mode? How do you hide the DOORS DB Manager's email, which must be available to run in batch?
Read more: Excel Password Recovery