KIS云旗舰版V7.0.1综合补丁PT160293增强了密码安全策略功能,包括强制初次登录修改密码、多次错误登录锁定账号、启用强密码策略等,并默认设置密码复杂度、历史重复及有效期限制。同时提供了数据库脚本以批量取消密码安全策略设置,便于管理大量账套时的密码策略调整。
KIS云旗舰版V7.0.1综合补丁PT160293更新了密码安全策略功能
一、KIS云·旗舰版用户密码安全策略改造说明
1.参数增加
用户管理-参数设置中,增加参数(1)初次登录强制修改密码;(2)密码5次输入错误后账号自动锁定1小时
2、强密码策略默认启用
本次补丁更新了密码策略功能,并默认启用。即
(1)用户密码符合复杂度(同时包含数字、字符和特殊字符)默认勾选
启用此选项后,再次修改密码时,会要求密码必须同时包含字母、数字、特殊字符(ASCII码范围)
(2)修改用户密码时不能与最近3次修改的用户密码相同默认勾选
启用此选项后,再次修改密码时,会要求新设置的密码不能与前3次一样
(3)用户密码最小长度默认为8位
启用此选项后,再次修改密码时,会要求密码至少设置相应位数
(4)初次登录强制修改密码默认勾选
启用此选项后, 新创建的用户,在第一次登录时会被要求先自己修改密码然后才能继续登录
(5)密码5次输入错误后账号自动锁定1小时默认勾选
启用此选项后,用户在产品端登录时,密码输入错误达到5次将触发账号锁定(账号自动锁定1小时)
(6)用户密码有效期默认为180天
用户当前所用的密码,自打补丁之日起默认开启180天有效期时限,密码到期前15天内登录软件会提示用户修改密码;若超过这个期限登录会提示密码已过期,必须修改密码后才可继续登录。管理员在用户管理中可以为用户修改这个期限或者不使用。
二、数据库语句取消用户密码安全策略
账套较多时,逐个取消密码策略比较麻烦,现提供处理脚本如下。其中第1部分列出密码安全策略涉及到的字段信息,第2部分为取消密码安全策略的脚本。
1、旗舰版用户密码安全策略涉及到的字段信息
-- 20210923_KS_BT-00502253 [KIS Cloud Flagship - cumulative patch PT160293 - requirement] Flagship password policy rework - BEGIN
-- Change 1:
-- Everything below runs only while t_PsdSecurityTempList does not exist, so the
-- table also acts as the "already applied" marker for this change.
-- NOTE(review): no transaction is opened in this block. If a statement after
-- CREATE TABLE fails, the table already exists and a rerun skips the remaining
-- policy settings. Confirm how the patch installer handles a mid-script failure.
IF OBJECT_ID('t_PsdSecurityTempList') IS NULL
BEGIN
    -- Add a table that stores temporary user IDs (the users that already exist).
    CREATE TABLE [t_PsdSecurityTempList] (
        [FUserID]      [int]          NOT NULL,
        [FExpiredDate] [datetime]     NULL,
        [FNote]        [varchar](255) NULL,
        CONSTRAINT [pk_PsdSecurityTempList] PRIMARY KEY CLUSTERED ([FUserID] ASC)
            WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF,
                  ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
    );

    -- Record every row of t_User with a date 60 days after the script runs.
    -- The note literal reads "password security policy - legacy user".
    -- What later reads FExpiredDate is not shown here.
    INSERT INTO t_PsdSecurityTempList (FUserID, FExpiredDate, FNote)
    SELECT
        FUserID,
        DATEADD(DAY, 60, GETDATE()),
        '密码安全策略老用户'
    FROM t_User;

    -- The five policy settings live in t_SystemProfile under FCategory = 'Base'.
    -- -1 is presumably the "checked" value: the page describes these options as
    -- ticked by default and its disable script writes 0. Confirm against the product.

    -- Force a password change at first login: created only when missing, so an
    -- existing row keeps whatever value it already has.
    IF NOT EXISTS (SELECT 1 FROM t_SystemProfile WHERE FCategory = 'Base' AND FKey = 'IsChangePwdFirstLogin')
    BEGIN
        INSERT INTO t_SystemProfile (FCategory, FKey, FValue, FReadonly, FDescription, FLevel, FExplanation, FFormat, FSort, FDescription_cht, FDescription_en, FClassify)
        VALUES ('Base', 'IsChangePwdFirstLogin', -1, 0, NULL, 2, NULL, NULL, NULL, NULL, NULL, '');
    END;

    -- Account lock after five wrong passwords: also created only when missing.
    IF NOT EXISTS (SELECT 1 FROM t_SystemProfile WHERE FCategory = 'Base' AND FKey = 'IsLockAccountAfterFive')
    BEGIN
        INSERT INTO t_SystemProfile (FCategory, FKey, FValue, FReadonly, FDescription, FLevel, FExplanation, FFormat, FSort, FDescription_cht, FDescription_en, FClassify)
        VALUES ('Base', 'IsLockAccountAfterFive', -1, 0, NULL, 2, NULL, NULL, NULL, NULL, NULL, '');
    END;

    -- Minimum password length: created when missing, then set to 8 in every case.
    -- The UPDATE is unconditional and overwrites a value configured earlier.
    IF NOT EXISTS (SELECT 1 FROM t_SystemProfile WHERE FCategory = 'Base' AND FKey = 'UserPwdMinLen')
    BEGIN
        INSERT INTO t_SystemProfile (FCategory, FKey, FValue, FReadonly, FDescription, FLevel, FExplanation, FFormat, FSort, FDescription_cht, FDescription_en, FClassify)
        VALUES ('Base', 'UserPwdMinLen', 8, 0, NULL, 2, NULL, NULL, NULL, NULL, NULL, '');
    END;
    UPDATE t_SystemProfile
    SET FValue = 8
    WHERE FCategory = 'Base'
      AND FKey = 'UserPwdMinLen';

    -- Password complexity check: created when missing, then set to -1 in every case.
    IF NOT EXISTS (SELECT 1 FROM t_SystemProfile WHERE FCategory = 'Base' AND FKey = 'IsCheckUserPwdComplex')
    BEGIN
        INSERT INTO t_SystemProfile (FCategory, FKey, FValue, FReadonly, FDescription, FLevel, FExplanation, FFormat, FSort, FDescription_cht, FDescription_en, FClassify)
        VALUES ('Base', 'IsCheckUserPwdComplex', -1, 0, NULL, 2, NULL, NULL, NULL, NULL, NULL, '');
    END;
    UPDATE t_SystemProfile
    SET FValue = -1
    WHERE FCategory = 'Base'
      AND FKey = 'IsCheckUserPwdComplex';

    -- IsCheckUserPwdEdit: created when missing, then set to -1 in every case.
    -- Presumably the "must differ from the last 3 passwords" option described
    -- on the page; confirm the key-to-option mapping.
    IF NOT EXISTS (SELECT 1 FROM t_SystemProfile WHERE FCategory = 'Base' AND FKey = 'IsCheckUserPwdEdit')
    BEGIN
        INSERT INTO t_SystemProfile (FCategory, FKey, FValue, FReadonly, FDescription, FLevel, FExplanation, FFormat, FSort, FDescription_cht, FDescription_en, FClassify)
        VALUES ('Base', 'IsCheckUserPwdEdit', -1, 0, NULL, 2, NULL, NULL, NULL, NULL, NULL, '');
    END;
    UPDATE t_SystemProfile
    SET FValue = -1
    WHERE FCategory = 'Base'
      AND FKey = 'IsCheckUserPwdEdit';

    -- Users whose FPwValidDay is 0 get a 180-day validity period, counted from
    -- the moment the script runs. Rows holding any other value, or NULL, are
    -- left untouched. Presumably 0 means "no expiry"; confirm.
    UPDATE t_User
    SET FPwValidDay = 180,
        FPwCreateDate = GETDATE()
    WHERE FPwValidDay = 0;
END
2、取消用户密码安全策略脚本
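-- Turn off the five password-policy settings in the database this runs against.
-- FValue = 0 clears the first-login change, five-failure lockout, complexity
-- and password-history flags, and sets the minimum password length to 0.
-- The filter includes FCategory = 'Base', the category under which the patch
-- script in section 1 creates and updates these keys, so a same-named key in
-- another category is not modified.
-- Not covered: password validity (t_User.FPwValidDay). This statement does not
-- touch t_User, so the 180-day expiry set by the patch stays in force.
-- To restore the policy later, the patch defaults shown on this page are -1
-- for the four flags and 8 for UserPwdMinLen.
UPDATE t_SystemProfile
SET FValue = 0
WHERE FCategory = 'Base'
  AND FKey IN (
      'IsChangePwdFirstLogin',
      'IsLockAccountAfterFive',
      'UserPwdMinLen',
      'IsCheckUserPwdComplex',
      'IsCheckUserPwdEdit'
  );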