JAVA UME Security Question(s)

Former Member
0 Kudos

Hi,

I was hoping that someone in the community might have some advice. I would like to use the "Security Question" feature of the Java UME to allow users to maintain a security question (for password reset). However, my security policy requires that the user maintain 6 security questions and answers (not only one).

I assume I could achieve this only by custom development using the UME APIs to create a custom password reset scenario (and perhaps create a few additional UME attributes to store Q&As). Before I go down that path, I want to ask if anyone has any other ideas or a more standard way.

Thanks,

Simon

1 ACCEPTED SOLUTION

martin_voros
Active Contributor
0 Kudos

Hi,

I doubt there is a better way than developing your own custom application. Don't forget to protect answers using a hash function. If you have a choice, I would suggest using something like bcrypt instead of SHA-1 for storing passwords.

Cheers

3 REPLIES

davefitzgibbon
Advisor
0 Kudos

Hi Simon,

As a more standard way without much customisation, you can enable Self Registration. Basically, this allows users to set up their own account along with 1 security question that can be used to reset their password.

Have a look at the following help document:

http://help.sap.com/saphelp_nw70/helpdata/en/45/7e6313d8780dece10000000a11466f/frameset.htm

Other options to enable users to reset their own password are listed in this link

http://help.sap.com/saphelp_nw70/helpdata/en/45/7e6313d8780dece10000000a11466f/frameset.htm

Thanks,

Dave

Edited by: David Fitzgibbon on Jun 24, 2011 12:09 PM

Former Member
0 Kudos

If it is only for the reset of the password (i.e. not for the creation of the account) then there are several applications which offer these services.

GRC and IdM do, with multiple question possibilities. IdM also has the option of using geographic indicators and business data (e.g. the invoice number on line <variable> of the <variable> last account statement). This is much better than favourite colour or maiden name...

There are also many external tools which do the same using different flavours.

Cheers,

Julius