Android Client / AC-465

Encrypt Database from the details derived from the username and password

    Details

    • Complexity:
      Undetermined

      Description

      Currently, the Android client provides no means of securing the user credentials when they log in to the OpenMRS instance. The username and password are stored in SharedPreferences with no encryption, and so one could retrieve them from the Android phone and then the person would have access to the user's account.

      We should increase the security of the login phase by encrypting the username + password, using bcrypt. BCrypt has a key advantage compared to SHA encryption methods, which is that it comes with salt generation, which should be used when encrypting the user's credentials.

      References

      jBCrypt library - http://www.mindrot.org/projects/jBCrypt/
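
      The following is an added example, not code from the OpenMRS Android client or from this issue: a sketch of storing a salted bcrypt hash in place of the plaintext password, using the jBCrypt library referenced above. The class name, the preference key names, the work factor, and the `Map` standing in for SharedPreferences are assumptions made so the example runs on a plain JVM.

```java
import org.mindrot.jbcrypt.BCrypt;

import java.util.HashMap;
import java.util.Map;

public class CredentialStoreExample {
    // Stand-in for Android SharedPreferences (assumption, so this runs off-device).
    private final Map<String, String> prefs = new HashMap<>();

    // Hypothetical key names, not taken from the OpenMRS client.
    private static final String KEY_USER = "username";
    private static final String KEY_HASH = "password_bcrypt";

    // bcrypt work factor (log2 of the iteration count); an assumed value.
    private static final int LOG_ROUNDS = 12;

    /** After a successful online login, keep only a salted bcrypt hash. */
    public void remember(String username, String password) {
        // gensalt() draws a fresh random salt on every call.
        String salt = BCrypt.gensalt(LOG_ROUNDS);
        prefs.put(KEY_USER, username);
        // The returned string embeds the version, cost and salt with the hash,
        // so no separate salt entry has to be stored.
        prefs.put(KEY_HASH, BCrypt.hashpw(password, salt));
    }

    /** Check a login attempt on the device against the stored hash. */
    public boolean verify(String username, String password) {
        String storedUser = prefs.get(KEY_USER);
        String storedHash = prefs.get(KEY_HASH);
        if (storedUser == null || storedHash == null) {
            return false; // nothing has been remembered yet
        }
        // Run checkpw before comparing usernames so both paths do the same work.
        boolean passwordOk = BCrypt.checkpw(password, storedHash);
        return storedUser.equals(username) && passwordOk;
    }

    public static void main(String[] args) {
        CredentialStoreExample store = new CredentialStoreExample();
        // Constructed sample credentials.
        store.remember("sample-user", "Constructed-Passw0rd");
        System.out.println("stored value: " + store.prefs.get(KEY_HASH));
        System.out.println("correct password accepted: "
                + store.verify("sample-user", "Constructed-Passw0rd"));
        System.out.println("wrong password accepted: "
                + store.verify("sample-user", "wrong-guess"));
    }
}
```

      The stored bcrypt string can only be used to check a password typed on the device; it cannot be turned back into the password for sending to the server.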

            People

            Assignee:
            anuar2k Aleksander W [X] (Inactive)
            Reporter:
            csmuthukuda Chathuranga Muthukuda
            Designated Committer:
            Fawwaz Yusran [X] (Inactive)