Password Hash

From ADempiere
Revision as of 23:26, 7 June 2013 by Adaxa (Talk) (Overview)


Status

Contributors

Overview

User passwords should be stored in a non-recoverable form in case the database is compromised:

http://www.h-online.com/security/features/Storing-passwords-in-uncrackable-form-1255576.html

Adaxa has implemented password hashing based on the recommendations in https://www.owasp.org/index.php/Hashing_Java, using a random salt and hashing with 1000 rounds of the SHA-512 algorithm.

Pushed to contribution_adaxa

http://adempiere.hg.sourceforge.net/hgweb/adempiere/contribution_adaxa/rev/6d9090d8a9f6

Testing and comments welcomed.
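
The scheme described in the Overview (random salt, 1000 rounds of SHA-512), sketched as an added example; it is not the Adaxa changeset or ADempiere code. The class and method names, the 16-byte salt length and the exact way salt and password are combined are assumptions, and the password is a constructed sample.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

public class SaltedHashExample {
    static final int ROUNDS = 1000;    // round count stated on this page
    static final int SALT_BYTES = 16;  // assumed salt length

    // A fresh random salt per user, stored next to the hash.
    static byte[] newSalt() {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // Assumed construction: h = SHA-512(salt || password), then h = SHA-512(h) ROUNDS times.
    static byte[] hash(String password, byte[] salt, int rounds)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-512");
        md.update(salt);
        byte[] h = md.digest(password.getBytes(StandardCharsets.UTF_8));
        for (int i = 0; i < rounds; i++) {
            h = md.digest(h); // digest() resets the MessageDigest after each call
        }
        return h;
    }

    // Recompute with the stored salt and compare without an early exit on mismatch.
    static boolean verify(String candidate, byte[] salt, byte[] stored)
            throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(hash(candidate, salt, ROUNDS), stored);
    }

    public static void main(String[] args) throws Exception {
        String password = "constructed-sample-password"; // constructed sample input
        byte[] salt = newSalt();
        byte[] stored = hash(password, salt, ROUNDS);
        Base64.Encoder b64 = Base64.getEncoder();
        System.out.println("salt: " + b64.encodeToString(salt));
        System.out.println("hash: " + b64.encodeToString(stored));
        System.out.println("correct password verifies: " + verify(password, salt, stored));
        System.out.println("wrong password verifies: " + verify("guess", salt, stored));
        // The same password under a new salt gives a different stored value.
        byte[] other = hash(password, newSalt(), ROUNDS);
        System.out.println("same hash with new salt: " + MessageDigest.isEqual(stored, other));
    }
}
```

Only the salt and the final hash are stored; login recomputes the hash from the submitted password and the stored salt.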

Purpose

References

Design Considerations

Assumptions

Dependencies

Constraints

Glossary

Functional Requirements

User roles & profiles

Business process definition

User stories

Functional requirements based on business processes

User Interface Mockups

Acceptance criteria

QA and test cases

Development infrastructure

Technical Requirements

Data Requirements

Non-Functional Requirements

Open Discussion Items

Closed Discussion Items