At this time the password is encrypted with MD5. This is not enough.
It is suggested to add a salt, for example.
File:
Repository/main/plugin-repositoryapp/src/org/ametys/plugins/repositoryapp/authentificatino/ AdminRepositoryAuthentification.java:108
Example of resolution
String salt = "LongStringForExtraSecurity@#$!%^&*(*)1234567890"; String unecryptedPassword = "Secret123"; MessageDigest messageDigest=null; try { messageDigest = MessageDigest.getInstance("SHA"); messageDigest.update((unecryptedPassword+salt).getBytes()); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); }
- Référence
-
RUNTIME-795 Enhance SQL passwords protection
-
- Closed
-
[RUNTIME-1036] Improve the password security
Frederic Ravetier (Inactive)
made changes -
| Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
Laurence Aumeunier
made changes -
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Open [ 1 ] | New: Resolved [ 5 ] |
Laurence Aumeunier
made changes -
| Fix Version/s | New: 2.6 [ 11916 ] |
Laurence Aumeunier
made changes -
| Fix Version/s | New: 3.7_LTE [ 11281 ] | |
| Fix Version/s | Original: 3.6 [ 11785 ] | |
| Fix Version/s | Original: 3.7_LTE [ 11927 ] | |
| Key |
Original:
|
New:
|
| Project | Original: CMS [ 10021 ] | New: Runtime [ 10020 ] |
| Attachment | New: Ametys - 07 CMS_v3.patch [ 14665 ] |
| Attachment | New: Ametys - 01 Runtime_v3.patch [ 14664 ] |
Laurence Aumeunier
made changes -
| Assignee | New: Loïc Bouchet [ lbouchet ] |
Laurence Aumeunier
made changes -
| Fix Version/s | New: 3.6 [ 11785 ] | |
| Fix Version/s | New: 3.7_LTE [ 11927 ] |
Laurence Aumeunier
made changes -
| Issue Type | Original: Bug [ 1 ] | New: Improvement [ 4 ] |
Nicolas Gavalda (Inactive)
made changes -
| Link |
New:
This issue Référence |
Frederic Ravetier (Inactive)
created issue -
