Closed fcharih closed 5 years ago
Additional comment: Clinicians should be prompted to periodically confirm their identity. Two options for this:
Answer: The application on the tablet sees the user name and password in clear text. It can store them locally (salted and hashed), and allow login if the server is unavailable.
A password reset/change at the webserver still needs to be handled at the first opportunity, so the app should check in with the server and clear the local password hash if authentication to the server fails with the current password.
Password hash logic:
Problem: Local authentication should be supported. Clinicians should be able to authenticate even if the network is down.
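The flow described in the Answer above, as an added example that is not part of the original issue or the project's code: a local salted-hash cache used only when the server is unreachable, and cleared when the server rejects a password the cache still accepts. The class and function names, the `server_auth` callback and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for the tablet hardware


class OfflineCredentialCache:
    """Hypothetical local store: username -> (salt, PBKDF2-HMAC-SHA256 hash)."""

    def __init__(self):
        self._store = {}  # a real app would persist this in app-private storage

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)

    def remember(self, username, password):
        salt = os.urandom(16)  # fresh random salt per stored hash
        self._store[username] = (salt, self._derive(password, salt))

    def forget(self, username):
        self._store.pop(username, None)

    def verify(self, username, password):
        entry = self._store.get(username)
        if entry is None:
            return False
        salt, expected = entry
        # Constant-time comparison of the derived hash with the stored one.
        return hmac.compare_digest(self._derive(password, salt), expected)


def login(cache, username, password, server_auth):
    """server_auth(username, password) is an assumed callback that returns
    True/False, or raises ConnectionError when the server is unavailable."""
    try:
        accepted = server_auth(username, password)
    except ConnectionError:
        # Network down: fall back to the locally stored hash.
        return "offline-ok" if cache.verify(username, password) else "denied"
    if accepted:
        cache.remember(username, password)  # refresh the hash on every online login
        return "online-ok"
    if cache.verify(username, password):
        # Server rejects what the cache accepts: the password was reset or
        # changed at the server, so the stale local hash is cleared.
        cache.forget(username)
    return "denied"
```

Only the salt and derived hash are kept; the clear-text password is used in memory during login and never written to the cache.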