Time
S
Nick
Message
02:58 axfelix joined #dataverse
05:12 axfelix joined #dataverse
13:12 bsilverstein joined #dataverse
13:57 pameyer joined #dataverse
14:27 pdurbin
pameyer: welcome back! I hope you had a good time in Maine.
14:28 pameyer
pdurbin: thanks - it was an interesting conference
14:28 pameyer
how much excitement did I miss?
14:29 pdurbin
well, it sounds like Bill is making a lot of progress: "added filesystem import job execution to edu.harvard.iq.dataverse.api.Datasets.receiveChecksumValidationResults
14:31 pdurbin
pameyer: did I ask you already how interested you are in this issue? User account cannot be disabled/deactivated · Issue #2419 · IQSS/dataverse - https://github.com/IQSS/dataverse/issues/2419
14:31 pdurbin
I'm asking because I'd like to make a pull request soonish.
14:31 pdurbin
so now's a good time to influence the design
14:31 pameyer
you might've asked me; but I'll take a look
14:31 pdurbin
bricas: are you interested in that issue?
14:35 pameyer
pdurbin: don't see much design in that page :)
14:35 pameyer
I can see it being a useful feature. probably not frequently for us, but in cases where it's needed it's likely to be very needed
14:37 pameyer
this reminded me about users switching institutions - is this something that fits here, or in a different context?
14:38 pdurbin
heh. very needed
14:38 pdurbin
pameyer: basically, you'd be able to lock account indefinitely with a superuser API call
14:38 pdurbin
and you could unlock them if need be
14:39 pameyer
that sounds like it would work for me
14:39 pdurbin
also, accounts lock themselves temporarily if there are too many bad password attempts, but that's for a different issue: https://github.com/IQSS/dataverse/issues/3153
14:39 pameyer
that one I remember talking about
14:40 pdurbin
pameyer: oh, something else that's going on in this space is password complexity: https://github.com/IQSS/dataverse/issues/3150
14:40 pdurbin
are you happy with the current enforcement of password complexity?
14:41 pdurbin
right now it's "The password must have at least one letter, one number and be at least 6 characters in length."
14:43 pameyer
256**6 ?
14:43 pameyer
btw - is the "10 attempts" in 3153 configurable?
14:44 pdurbin
yep. configurable. by default it's 3 strikes and you're out
14:44 pdurbin
you can also configure how long the account is locked out. default is 60 minutes
14:44 pameyer
cool
14:45 pameyer
for complexity; I'm not sure if I'm the best to offer an opinion - but 1 letter, 1 number and 6 characters seems on the lower side to me
14:45 pdurbin
yeah, it doesn't meet http://policy.security.harvard.edu/sa2-complex-passwords
14:46 pdurbin
so at https://dataverse.harvard.edu we'll be forcing more complex passwords some day
14:48 pdurbin
there's also an account-related project that bsilverstein is working on (email confirmation: https://github.com/IQSS/dataverse/issues/2170 )
16:52 bsilverstein joined #dataverse
20:31 pdurbin
bsilverstein: I just pushed https://github.com/IQSS/dataverse/commit/ab55794 so you'll need to pull the latest.
