Encrypted passwords?

LG1 · January 7, 2006, 10:11am

Hi,

is it possible to encrypt the user (and admin) passwords in the database? I’'m using currently the embedded database but this problem should occur with every database. LDAP authentication could be an option to get around this problem if one has an ldap server and wants to use it.

I personally do not want to deploy a product which stores passwords as plain text and some security regulations reject using such products.

A small example about encryption with java code is located here http://www.devbistro.com/articles/Java/Password-Encryption

LG

grutto · January 7, 2006, 6:24pm

LG,

Password hashing has been discussed for a while.

(see http://www.jivesoftware.org/community/thread.jspa?messageID=105276

http://www.jivesoftware.org/community/thread.jspa?threadID=16033&tstart=0

http://www.jivesoftware.org/community/thread.jspa?messageID=104728

)

There is a feature request (JM-291) still open to be implemented. You may vote for JM-291 if it meets your requirement.

I fully support your request. Plain passwords in the database is the main reason that we currently cannot use Wildfire.

Michael

PS: Salted Hash is described here http://www.aspheute.com/english/20040105.asp