Security improvements

(edited by hhamedk 03/11/2019 21:23:32)

Topic: Security improvements


I have some suggestions to make Wialon more secure:

1. Set the minimum acceptable password length to 8 characters

2. Setting a minimum password strength for each user (or at least the same minimum strength for all users in the system)

3. A function to disable users when they reach a threshold number of failed logins (it can be editable)

4. Logging all unsuccessful login tries and showing the unsuccessful login tries to the user after a successful login in the system

5. Setting maximum concurrent active sessions for each user

6. We all know that Wialon sends avl_evts to its server and that this keeps the session alive (preventing session expiration after 300 seconds of inactivity). It would be great if we had an option for each user (or for the whole system) to tell the system whether it should consider avl_evts as a request for keeping the session alive or not. I mean, as this command is an automatic command and is not executed by the user, we can exclude it from the commands that keep the session alive. In this situation, in case a user doesn't use Wialon, no command other than avl_evts will be executed and the system can then close the session after 300 seconds. (As I explained, it can be an option, and the system administrator can set the system to consider avl_evts as user activity or not.)

7. We have Active sessions for IP in the admin panel but we can't set it to less than 10; it would be better if the admin could set any number, like 3 or 1. The IP blocking timeout is not editable.

8. Now, a top user can't close a user's sessions. You can just change its password to close all sessions. It's recommended to change the system in a way that if you disable a user, the system automatically and immediately closes all sessions related to that user.
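
A sketch of how items 5, 6 and 8 could fit together in one session store. This is an added example, not part of the original post and not Wialon's code; the `SessionStore` class, its option names and the default limit of 3 sessions are assumptions, while `avl_evts` and the 300-second timeout come from the post.

```python
import time

IDLE_TIMEOUT = 300                  # seconds of inactivity, as stated in the post
AUTOMATIC_COMMANDS = {"avl_evts"}   # polling sent by the client, not by the user


class SessionStore:
    """Hypothetical session store (assumption; not Wialon's implementation)."""

    def __init__(self, polling_keeps_alive=False, max_sessions=3,
                 clock=time.monotonic):
        self.polling_keeps_alive = polling_keeps_alive  # admin option, item 6
        self.max_sessions = max_sessions                # per-user limit, item 5
        self.clock = clock
        self.sessions = {}      # session id -> {"user": str, "last": float}
        self.disabled = set()   # users that may not open new sessions

    def _expire(self):
        # Drop every session that has been idle longer than IDLE_TIMEOUT.
        now = self.clock()
        for sid in [k for k, s in self.sessions.items()
                    if now - s["last"] > IDLE_TIMEOUT]:
            del self.sessions[sid]

    def open(self, sid, user):
        # Refuse disabled users and users already at their session limit.
        self._expire()
        active = sum(1 for s in self.sessions.values() if s["user"] == user)
        if user in self.disabled or active >= self.max_sessions:
            return False
        self.sessions[sid] = {"user": user, "last": self.clock()}
        return True

    def request(self, sid, command):
        # Returns False when the session has expired or was closed.
        self._expire()
        session = self.sessions.get(sid)
        if session is None:
            return False
        # Only user-driven commands refresh the idle timer, unless the
        # administrator chose to count automatic polling as activity.
        if command not in AUTOMATIC_COMMANDS or self.polling_keeps_alive:
            session["last"] = self.clock()
        return True

    def disable_user(self, user):
        # Item 8: disabling a user closes all of that user's sessions at once.
        self.disabled.add(user)
        closed = [sid for sid, s in self.sessions.items() if s["user"] == user]
        for sid in closed:
            del self.sessions[sid]
        return closed
```

With `polling_keeps_alive=False`, a browser tab left open keeps polling but its session still ends after 300 seconds without a user-driven command.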


(edited by hhamedk 12/11/2019 16:14:52)

Re: Security improvements

Another useful feature is to have an option to force the user to change the password after the first login in WL, just like what we have in WH.


Re: Security improvements

We need to focus a lot on security.
Can we also have authentication using Google Authentication Application? Also the ability to view the password so we can validate mistyping.

Phoenix Solusi
Mobile Visible Secure
Specialists in data acquisition and analysis for mobile and fixed assets. Integration into content management systems is a specialty we have.

(edited by hhamedk 09/11/2019 18:37:07)

Re: Security improvements

JohnG wrote:

Also the ability to view the password so we can validate mistyping.

Or better to have a function to create a random password inside Wialon and a button to copy it as John said. This feature is now a standard feature in most web applications.


Re: Security improvements

hhamedk wrote:

to force user

What do you mean here?

Product manager

Re: Security improvements

Olga Yaskova, I made a mistake, we have this feature in 1904 now.