Loading...

XML

Word

Printable

Type: Improvement
Resolution: Fixed
Priority: Major
Fix Version/s: 2.7, 3.9
Affects Version/s: None
Component/s: None
Labels:
None

At this time the password is encrypted with MD5. This is not enough.

It is suggested to add a salt, for example.

File:

Repository/main/plugin-repositoryapp/src/org/ametys/plugins/repositoryapp/authentificatino/
AdminRepositoryAuthentification.java:108

Example of resolution

String salt = "LongStringForExtraSecurity@#$!%^&*(*)1234567890";
String unecryptedPassword = "Secret123";
MessageDigest messageDigest=null;
try {
messageDigest = MessageDigest.getInstance("SHA");
messageDigest.update((unecryptedPassword+salt).getBytes());
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

Ametys - 01 Runtime_v3.patch
31 kB
10/Apr/14 16:06
Ametys - 07 CMS_v3.patch
19 kB
10/Apr/14 16:06

Référence

RUNTIME-795 Enhance SQL passwords protection

Closed

Assignee:: Loïc Bouchet

Reporter:: Frederic Ravetier (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 18/Jul/13 14:23

Updated:: 13/Mar/15 18:01

Resolved:: 11/Apr/14 11:57