Issue Details (XML | Word | Printable)

Key: CORE-1898
Type: Improvement Improvement
Status: Resolved Resolved
Resolution: Fixed
Priority: Major Major
Assignee: Alexander Peshkov
Reporter: Bruno Marx
Votes: 5
Watchers: 2

If you were logged in you would be able to see more operations.
Firebird Core

Increase the password length from 8 characters to 15 characters or more

Created: 13/May/08 10:26 AM   Updated: 19/Jan/16 04:57 AM
Component/s: Security
Affects Version/s: 2.1.0
Fix Version/s: 3.0 Alpha 1

Environment: All platforms
Issue Links:

Target: 3.0 RC2
QA Status: No test

 Description  « Hide
It would be very desirable to increase the password scheme to support more than 8 characters. Our customer requires us to support a certain number of the Database STIG requirements developed by DISA for the US DoD, including DG0079:

"(DG0079: CAT II) The DBA will ensure database password complexity standards meet current minimum requirements for length (9 characters or more for database application user accounts and 15 characters or more for privileged database accounts) and composition (at least two uppercase characters, two lowercase characters, two special characters, two digits ) where supported by the DBMS".

From DG0079, the SYSDBA password should be at least 15 characters, and other regular user/application passwords at least 9 characters.

Using Firebird 2.1 on Windows platforms, we can always use Windows Authentication to workaround that limitation, although the SYSDBA password length is still an issue.


 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Alexander Peshkov added a comment - 23/Dec/11 12:45 PM
Except longer default passwords in FB3 are also secure: they are not passed over the wire in any way