  1. Runtime
  2. RUNTIME-1036

Improve the password security


    • Type: Improvement
    • Resolution: Fixed
    • Priority: Major
    • 2.7, 3.9

      At this time the password is encrypted with MD5. This is not enough.

      It is suggested to add a salt, for example.

      File:

      Repository/main/plugin-repositoryapp/src/org/ametys/plugins/repositoryapp/authentificatino/AdminRepositoryAuthentification.java:108
      

      Example of resolution

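      import java.nio.charset.StandardCharsets;
      import java.security.MessageDigest;
      import java.security.NoSuchAlgorithmException;

      // Static salt appended to the password before hashing
      String salt = "LongStringForExtraSecurity@#$!%^&*(*)1234567890";
      String unencryptedPassword = "Secret123";
      byte[] hash = null;
      try {
          // "SHA" resolves to SHA-1 in the default JDK provider
          MessageDigest messageDigest = MessageDigest.getInstance("SHA");
          // Use an explicit charset so the hash does not depend on the platform default
          messageDigest.update((unencryptedPassword + salt).getBytes(StandardCharsets.UTF_8));
          // digest() finalizes the computation and returns the salted hash
          hash = messageDigest.digest();
      } catch (NoSuchAlgorithmException e) {
          e.printStackTrace();
      }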
      

            lbouchet Loïc Bouchet
            fravetier Frederic Ravetier (Inactive)