Enabling user passwords complexity verification and, possibly, other parameters that complicate authentication

Infobase parameters

Infobase parameter settings affect data lock timeout and determine whether restrictions need to apply for user passwords.

Fig. Infobase parameters

You can configure the following parameters:

Data lock timeout (sec.)

Determines the maximum waiting time before the transaction lock is set by the database server. For example, when the current transaction needs to set lock on a database record but the record is already locked by another transaction, the current transaction will wait until the lock is released or the number of seconds specified in this parameter passed. The parameter also determines the transaction lock timeout in 1C:Enterprise managed lock mode.

Changing this parameter (using this dialog box or 1C:Enterprise language) requires administrative rights and enables exclusive mode for Infobase access.

Changes in the data lock timeout value become effective immediately for all databases except IBM DB2. In IBM DB2, you need to restart the database after the data lock timeout value is changed.

Minimum password length

Defines the minimum length of the user password. If Password complexity validation is enabled, the minimum length of the user password is 7 characters.

Password complexity validation

When this parameter is enabled, user passwords must meet the following requirements:

  • The password length must not be less than the value of Password minimal length parameter
  • The password must include characters from at least three of the following groups:
    • Uppercase letters
    • Lowercase letters
    • Digits
    • Special characters
  • The password must not match the username
  • The password must not be an alphabetical sequence of characters.

Enabling these restrictions for Infobase user passwords does not affect the existing passwords. Restrictions will be applied only after the current password is changed or a new Infobase user is added. However, password verification is performed according to the current Infobase settings. In particular, this means a case-sensitivity check is enabled for passwords when Password complexity validation is enabled.

For example, if the user password is PaSs and Password complexity validation is disabled, the user can enter their password as: pass or PASS or PasS, and still be able to log on. After enabling Password complexity validation, the user cannot log on until they enter the case-sensitive password: PaSs.

Passive session hibernation timeout (sec.)

A session that has no activity for the specified time becomes Hibernating.

Hibernating session termination timeout (sec.)

The hibernating session is terminated after the specified time has passed.

Number of totals recalculation jobs

Defines the number of system background jobs used to recalculate register totals upon Infobase restructuring or testing and introducing respective patches. The default value is 4, i.e. to recalculate totals 4 background jobs are started in a row. This parameter is applicable in the Infobase client/server mode only.

Maximum number of failed authentication attempts

For a detailed description of this parameter, see By default, when the password is under attack.

Block duration when the maximum number of failed authentication attempts is exceeded (in seconds)

For a detailed description of this parameter, see By default, when the password is under attack.

Username add-on codes used when authentication is blocked

For a detailed description of this parameter, see By default, when the password is under attack.

The Infobase parameters can be changed or received from the 1C:Enterprise language using the following methods:

  • Infobase lock timeout‑ SetDataLockTimeout()/GetDataLockTimeout().
  • User password minimal length ‑ SetUserPasswordMinimalLength()/GetUserPasswordMinimalLength().
  • User password strength check flag ‑ SetUserPasswordStrengthCheck()/GetUserPasswordStrengthCheck().
  • Passive session sleep timeout ‑ SetPassiveSessionSleepTimeout()/GetPassiveSessionSleepTimeout().
  • Passive session termination timeout ‑ SetPassiveSessionTerminationTimeout()/GetPassiveSessionTerminationTimeout().
  • Number of totals recalculation jobs‑ SetNumberOfTotalsRecalculationJobs()/GetNumberOfTotalsRecalculationJobs().
  • Infobase time zone ‑ SetInfobaseTimeZone()/GetInfobaseTimeZone().
  • Full-text data search mode‑ SetFullTextSearch()/GetFullTextSearch().
  • The first year of the century‑ SetBeginningOfTheCenturyOfInfobase()/ReceiveBeginningOfTheCenturyOfInfobase()/BeginningOfCenturyOfSession().

    The parameter is used in cases where it is necessary to define the whole year of the date from the last two digits. When the first year of the century is set to "1950" (the default value), then the numbers of the year "49" will correspond to the year "2049", and the numbers of the year "50" will correspond to the year "1950".

When the Infobase parameters are set in the transaction using the 1C:Enterprise language (using the methods listed above), the corresponding "GET" method returns:

  • In the current session:
    • Before transaction end ‑ the latest value
    • After transaction commit ‑ the latest value
    • After transaction rollback ‑ the value at transaction start
  • In another session:
    • Outside of transaction in record-locking databases (Microsoft SQL Server, IBM DB2) ‑ the latest value, not later than 20 seconds after the value is set After transaction rollback ‑ the value at transaction start, not later than 20 seconds after the rollback
    • In transaction and for versioned databases (file mode, PostgreSQL, Oracle Database) ‑ the latest value, no later than 20 seconds after committing the transaction in which the value was set

In the client/server mode, when the parameter value is set from the thick client-side, the change is immediately visible at the server-side, and vice versa.

Be the first to know tips & tricks on business application development!

A confirmation e-mail has been sent to the e-mail address you provided .

Click the link in the e-mail to confirm and activate the subscription.