
JAVA UME Security Question(s)

Former Member
0 Likes
591

Hi,

I was hoping that someone in the community might have some advice. I would like to use the "Security Question" feature of the Java UME to allow users to maintain a security question (for password reset). However my security policy requires that the user maintain 6 security questions and answers (not only one).

I assume I could achieve this only by custom development using the UME APIs to create a custom password reset scenario (and perhaps create a few additional UME attributes to store Q&As). Before I go down that path I want to ask if anyone has any other ideas or a more standard way.

Thanks,

Simon

1 ACCEPTED SOLUTION

mvoros
Active Contributor
0 Likes
553

Hi,

I doubt there is a better way than developing your own custom application. Don't forget to protect answers using a hash function. If you have a choice I would suggest using something like bcrypt instead of SHA-1 for storing passwords.

Cheers
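
An added example (not part of the original post, and not SAP or UME code): one way to store each security answer as a salted, slow hash, as the reply above suggests. It uses PBKDF2-HMAC-SHA256 from the JDK in place of bcrypt, which needs a third-party library; Java 8 or later, the class name, the iteration count and the stored-string format are assumptions.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.text.Normalizer;
import java.util.Base64;
import java.util.Locale;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class SecurityAnswerStore {
    // Assumed parameters; raise ITERATIONS as far as the server's latency budget allows.
    private static final int ITERATIONS = 210_000;
    private static final int SALT_BYTES = 16;
    private static final int HASH_BITS = 256;
    private static final SecureRandom RNG = new SecureRandom();

    // Canonical form, so "  Dublin " and "dublin" verify as the same answer.
    static char[] normalize(String answer) {
        String s = Normalizer.normalize(answer, Normalizer.Form.NFKC);
        s = s.trim().replaceAll("\\s+", " ").toLowerCase(Locale.ROOT);
        if (s.isEmpty()) throw new IllegalArgumentException("empty answer");
        return s.toCharArray();
    }

    // Slow, salted derivation: an attacker must repeat it per guess and per answer.
    static byte[] derive(char[] answer, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(answer, salt, iterations, HASH_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Value to keep in the per-question attribute: iterations:salt:hash (Base64).
    static String protect(String answer) throws Exception {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt); // fresh salt per answer, so equal answers store differently
        Base64.Encoder b64 = Base64.getEncoder();
        return ITERATIONS + ":" + b64.encodeToString(salt) + ":"
                + b64.encodeToString(derive(normalize(answer), salt, ITERATIONS));
    }

    // Recompute with the stored salt and iteration count, then compare.
    static boolean verify(String candidate, String stored) throws Exception {
        String[] p = stored.split(":");
        byte[] actual = derive(normalize(candidate), Base64.getDecoder().decode(p[1]), Integer.parseInt(p[0]));
        return MessageDigest.isEqual(Base64.getDecoder().decode(p[2]), actual); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        String stored = protect("  Dublin "); // constructed sample answer
        System.out.println("stored attribute value: " + stored);
        System.out.println("match 'dublin': " + verify("dublin", stored));
        System.out.println("match 'Cork':   " + verify("Cork", stored));
    }
}
```

Storing the iteration count with each value lets the cost be raised later without invalidating answers already on file.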

3 REPLIES 3

davefitzgibbon
Product and Topic Expert
0 Likes
553

Hi Simon,

As a more standard way without much customisation, you can enable Self Registration. Basically this allows users to set up their own account along with 1 security question that can be used to reset their password.

Have a look at the following help document

http://help.sap.com/saphelp_nw70/helpdata/en/45/7e6313d8780dece10000000a11466f/frameset.htm

Other options to enable users to reset their own password are listed in this link

http://help.sap.com/saphelp_nw70/helpdata/en/45/7e6313d8780dece10000000a11466f/frameset.htm

Thanks,

Dave

Edited by: David Fitzgibbon on Jun 24, 2011 12:09 PM


Former Member
0 Likes
553

If it is only for the reset of the password (i.e. not for the creation of the account) then there are several applications which offer these services.

GRC and IdM do, with multiple question possibilities. IdM also has the option of using geographic indicators and business data (e.g. the invoice number on line <variable> of the <variable> last account statement). This is much better than favourite colour or maiden name...

There are also many external tools which do the same using different flavours.

Cheers,

Julius