1

Security improvements

(05/02/2020 13:36:45 отредактировано hhamedk)

Тема: Security improvements

Hi GT

I have some suggestions to improve Wialon more secure:

1. Set minimum acceptable password lentgth 8 characters

2. Setting minimum password strength for each user (or at least for all users same minimum strength in system)

3. A functionality to make users disable in case of reaching a threshold number of failed logins (it can be editable)

4. Logging all unsuccessful login tries and show unsuccessful login tries after a successful login in system to user

5. Setting maximum concurrent active sessions for each user

6. We all know that Wialon sends avl_evts to it's server and it keeps session alive (preventing session expiration after 300 seconds of inactivity). It would be great if we have an option for each user (or whole system) to tell the system that should consider avl_evts as a request for keeping session alive or not. I mean as this command is a automatic command and is not executed by user, we can exclude it from commands that keep session alive. Is this situation in case that a user doesn't use Wialon then no other command than avl_evts will be executed and then system can close the session after 300 seconds. (As I explained it can be an option and system administrator can set system to consider avl_evts as user activity or not)

7. We have Active sessions for IP in admin panel but we can't set it less than 10, it would be better id admin can set any number like 3 or 1. The IP blocking time out is not editable.

8. Now, a top user can't close an user's sessions. You just can change its password to close all sessions. It's recommended to change the system in a way that if you make user disable then system automatically and immediately close all sessions related to that user.

2

Security improvements

(12/11/2019 16:14:52 отредактировано hhamedk)

Re: Security improvements

Another useful feature is to have an option to force user after first login in WL to change password just like what we have in WH

3

Security improvements

Re: Security improvements

We need to focus a lot on security.
Can we also have authentication using Google Authentication Application. Also the ability to view the password so we can validate mistyping.

Phoenix Solusi
Mobile Visible Secure
Specialists in data acquisition and analysis for mobile and fixed assets. Integration in to content management systems is a specialty we have.
4

Security improvements

(09/11/2019 18:37:07 отредактировано hhamedk)

Re: Security improvements

JohnG wrote:

Also the ability to view the password so we can validate mistyping.

Or better to have a functionality to create random password inside Wialon and a button to copy it as John said. This feature is now a standard feature in most web applications.

5

Security improvements

Re: Security improvements

hhamedk пишет:

to force user

what do you mean here?

Product manager
Gurtam
6

Security improvements

Re: Security improvements

Olga Yaskova, I made a mistake, we have this feature in 1904 now.

7

Security improvements

Re: Security improvements

Hi GT

It would be great if you implement the random password generator and password strength indicator in administration panel of WL for root user.

8

Security improvements

Re: Security improvements

Good ideas and suggestions for the security.

9

Security improvements

Re: Security improvements

Hi GT

Please get involved on this case and share your point of view.

10

Security improvements

Re: Security improvements

Thanks for the useful information

11

Security improvements

Re: Security improvements

Hi GT

Can we expect these new functions on WL 2004?

12

Security improvements

Re: Security improvements

Olga Yaskova, mana , tata , please inform us.

13

Security improvements

Re: Security improvements

Dear Hamed hhamedk,

sorry for keeping silence.

We have studied your requests and can say that for the moment there are no plans to implement them (even partially).

A couple of years ago we have implemented the two-factor authentication which helped our users avoid most of the issues connected with security that they had before that.

Nonetheless, we will be paying attention to the requests that concern security and whether there will be many and they particularly they will be. It is always to better to view issues taken together rather than one by one.

Maria Starikova,
Wialon Hosting Product manager, Gurtam
14

Security improvements

Re: Security improvements

К сожалению, у вас не достаточно прав для просмотра данного текста

Maryia Paklonskaya
Wialon Business Analyst

"The important thing is not to stop questioning" (c)