As of SP07, functionality has been introduced into the Store Configurator application to strengthen password requirements for users of the Store Configurator application. The feature consists of configuring a set of rules for the format, minimum/maximum length, and period of validity of a user’s password that will be enforced during logon and when changing an existing application user’s password.

An application idle Lock Out window has been introduced to restrict users from accessing the Store Configurator application should the application enter into a user definable period of inactivity (no mouse activity or keyboard entry). The Lock Out window will only allow the user who is currently logged on to the Configurator to re-enter their user ID and password, to close the Lock Out window, and allow this user to once again interact with the Store Configurator application.

A Security Policies (Configurator) window has been added to the Store Configurator System Setup drop down menu. When the new menu option is selected, the new maintenance window will open allowing rules to be defined for the format of a Store Configurator application user’s password. The maintenance window will only be accessible if the user currently logged on to the Store Configurator application has a user ID set to SAP.

To provide a more secure password, a Security Container is now required to support the hashing of a Store Configurator application user’s password.

A new Store Configurator Password Initialization Utility command line executable (CFGPwIni.exe) has been developed to initialize (hash) all application user passwords in a corresponding Configurator database. This utility is required to be run after upgrading the Store Configurator application in order to logon to the Store Configurator.