passwords hash

Description

Environment

None

Activity

Juliana Corredor T.
July 28, 2012, 4:34 AM

for revision

Carlos Ruiz
August 1, 2012, 6:24 AM

https://bitbucket.org/idempiere/idempiere/changeset/aa6c509f154d3cfec350ea4cf1803ac7af982bda
_________________________

CREDITS:

_________________________

NOTES:

Implementation is backward compatible, by default iDempiere still uses plain passwords.

A new sysconfig system key was created USER_PASSWORD_HASH defaulting to false.
WARNING!!! Don't change this key directly; it must be changed by running the process "Convert password to hashes" as System user.

_________________________

Tests conducted (all passed):

Scenarios:

  • backward compatibility: plain

  • backward compatibility: encrypted

  • new functionality: hash

  • extra security: hash+encrypted

  • extra security: encrypted+hash

Tests:

  • swing login

  • zkwebui login

  • webstore login

  • idempiere monitor login

  • create new user via User window

  • create new user via webstore

  • reset password with process

  • reset password changing on User window

  • reset password changing on Contact/BP window

  • reset password via webstore

_________________________

EXTENSIONS NOT TESTED

  • webservices login

  • mobile login

Those need to be checked if integrated into iDempiere.

_________________________

Regards,

Carlos Ruiz

Carlos Ruiz
August 2, 2012, 5:26 AM

https://bitbucket.org/idempiere/idempiere/changeset/4d5f162e3c28117e6798f3729958219e4a389de8

Found that Remember Me is incompatible with hash password with actual implementation.

Anozi Mada
February 19, 2013, 8:57 AM

I have tested webservice with password hash enabled and found a bug. Please check

https://bitbucket.org/idempiere/idempiere/pull-request/66/idempiere-347-remove-unneeded/diff

Carlos Ruiz
March 7, 2013, 3:42 AM

Thanks Anozi, I implemented a different solution here:
https://bitbucket.org/idempiere/idempiere/commits/15fd910
The method you proposed to change was deprecated and a different solution implemented.

We would appreciate it if you could help us test that the approach is right.

Regards,

Carlos Ruiz

Fixed

Assignee

Carlos Ruiz

Reporter

Juliana Corredor T.

Labels

Tested By

None

Due date

2012/07/23

Priority

Major