Improved Password Storage

Introduction

Joget enhances password security by implementing advanced hashing and encryption techniques. This ensures that user credentials are stored securely and are protected against unauthorized access.

How does it work?

The security improvements in Joget involve two key components:

  1. Hash Function: Passwords are hashed using the SHA-256 algorithm with an added salt, so that each stored password digest is unique even when two users choose the same password.
  2. 2-Way Encryption: Where reversible encryption is required, Joget uses the PBEWithMD5AndDES algorithm. If stronger encryption is needed, this implementation can be replaced with a custom DataEncryption implementation registered in /WEB-INF/classes/customApplicationContext.xml.

To modify the encryption settings, you can customize the implementation as shown in the following example.

Example of Custom Encryption Implementation:

<!-- Sample custom DataEncryption implementation -->
<bean id="dataEncryption" class="custom.CustomDataEncryptionImpl">
    <property name="some_property" value="some_value"/>
</bean>
Note:
If you plan to change the encryption key or implementation, ensure this is done at the start of deployment. Changing these settings later can make previously encrypted data unreadable.
Created by Julieth. Last modified by Aadrian on Dec 13, 2024.