  1. Android Client
  2. AC-465

Encrypt Database from the details derived from the username and password

    Details

    • Complexity:
      Undetermined

      Description

      Currently, the Android client provides no means of securing the user credentials when they log in to the OpenMRS instance. The username and password are stored in SharedPreferences with no encryption, and so one could retrieve them from the Android phone and then the person would have access to the user's account.

      We should increase the security of the login phase by encrypting the username + password, using bcrypt. BCrypt has a key advantage compared to SHA encryption methods, which is that it comes with salt generation, which should be used when encrypting the user's credentials.

      References

      jBCrypt library - http://www.mindrot.org/projects/jBCrypt/
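
One way to apply the proposal above with the jBCrypt library from the references, as an added example that is not the Android client's own code: keep only a salted bcrypt hash and check login attempts against it. Because bcrypt is a one-way hash, this assumes the stored value is needed only to verify a login on the device; the `CredentialStore` class, the key prefix, the work factor and the in-memory `Map` standing in for SharedPreferences are assumptions.

```java
import java.util.HashMap;
import java.util.Map;
import org.mindrot.jbcrypt.BCrypt; // jBCrypt, the library listed under References

/** Added example: stores a bcrypt verifier instead of the plaintext password. */
public class CredentialStore {
    // Hypothetical key prefix; the Map stands in for Android SharedPreferences.
    private static final String KEY_PREFIX = "pw_hash:";
    // Assumed work factor (log2 of the round count); tune it for the target devices.
    private static final int LOG_ROUNDS = 12;
    private final Map<String, String> prefs = new HashMap<>();

    /** Hashes with a fresh random salt; salt and cost are embedded in the result. */
    public void save(String username, String password) {
        String hash = BCrypt.hashpw(password, BCrypt.gensalt(LOG_ROUNDS));
        prefs.put(KEY_PREFIX + username, hash);
    }

    /** Checks a login attempt against the stored hash. */
    public boolean verify(String username, String password) {
        String stored = prefs.get(KEY_PREFIX + username);
        if (stored == null) {
            return false; // no entry for this user
        }
        try {
            return BCrypt.checkpw(password, stored);
        } catch (RuntimeException e) {
            return false; // corrupted or tampered entry: fail closed
        }
    }

    /** Returns what is actually persisted, for inspection. */
    public String storedValue(String username) {
        return prefs.get(KEY_PREFIX + username);
    }

    public static void main(String[] args) {
        CredentialStore store = new CredentialStore();
        store.save("nurse1", "constructed-sample-password"); // constructed sample values
        System.out.println("persisted: " + store.storedValue("nurse1"));
        System.out.println("correct:   " + store.verify("nurse1", "constructed-sample-password"));
        System.out.println("wrong:     " + store.verify("nurse1", "wrong-guess"));

        // Saving the same password again draws a new salt, so the stored value changes.
        String first = store.storedValue("nurse1");
        store.save("nurse1", "constructed-sample-password");
        System.out.println("same hash: " + first.equals(store.storedValue("nurse1")));
    }
}
```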


              People

              Assignee:
              anuar2k Aleksander W
              Reporter:
              csmuthukuda Chathuranga Muthukuda
              Designated Committer:
              Fawwaz Yusran
              Votes:
              0
              Watchers:
              5
