  1. Android Client
  2. AC-465

Encrypt Database from the details derived from the username and password

Details

    • Undetermined

    Description

      Currently, the Android client provides no means of securing the user credentials when they log in to the OpenMRS instance. The username and password are stored in SharedPreferences with no encryption, so anyone who can retrieve them from the Android phone would have access to the user's account.

      We should increase the security of the login phase by encrypting the username + password, using bcrypt. BCrypt has a key advantage over SHA encryption methods: it comes with salt generation, which should be used when encrypting the user's credentials.

      References

      jBCrypt library - http://www.mindrot.org/projects/jBCrypt/
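
A sketch of the proposal using the jBCrypt library referenced above. This is an added example, not code from the Android client: the class name, the preference key prefix, the work factor and the sample credentials are assumptions, and a HashMap stands in for SharedPreferences so it runs off-device.

```java
import java.util.HashMap;
import java.util.Map;
import org.mindrot.jbcrypt.BCrypt;

public class StoredCredentialDemo {
    // Stand-in for SharedPreferences (assumption, so the example runs off-device).
    private final Map<String, String> prefs = new HashMap<>();

    // Hypothetical key prefix and work factor, not taken from the Android client.
    private static final String KEY_PREFIX = "pw_hash_";
    private static final int LOG_ROUNDS = 12;

    /** After a successful online login, persist only the salted bcrypt hash. */
    public void remember(String username, String password) {
        // gensalt() creates a fresh random salt; hashpw() embeds it in the output.
        String hash = BCrypt.hashpw(password, BCrypt.gensalt(LOG_ROUNDS));
        prefs.put(KEY_PREFIX + username, hash);
    }

    /** Offline check: compare a typed password against the stored hash. */
    public boolean verify(String username, String password) {
        String hash = prefs.get(KEY_PREFIX + username);
        // checkpw() reads the salt and cost back out of the stored hash string.
        return hash != null && BCrypt.checkpw(password, hash);
    }

    public String storedValue(String username) {
        return prefs.get(KEY_PREFIX + username);
    }

    public static void main(String[] args) {
        StoredCredentialDemo a = new StoredCredentialDemo();
        StoredCredentialDemo b = new StoredCredentialDemo();
        // Constructed sample credentials.
        a.remember("nurse1", "Sample-Passw0rd");
        b.remember("nurse1", "Sample-Passw0rd");

        // What an attacker reading the preferences file would now see.
        System.out.println("stored: " + a.storedValue("nurse1"));
        // Same password, different salt: the two stored values differ.
        System.out.println("hashes differ: "
                + !a.storedValue("nurse1").equals(b.storedValue("nurse1")));
        System.out.println("correct password: " + a.verify("nurse1", "Sample-Passw0rd"));
        System.out.println("wrong password:   " + a.verify("nurse1", "guess"));
        System.out.println("unknown user:     " + a.verify("nurse2", "Sample-Passw0rd"));
    }
}
```

A bcrypt hash is one-way: it lets the client check a typed password offline, but the stored value cannot be turned back into the password for replay to the server, nor used directly as a database encryption key.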

            People

              anuar2k Aleksander W
              csmuthukuda Chathuranga Muthukuda
              Fawwaz Yusran Fawwaz Yusran