Uploaded image for project: 'OpenMRS Core'
  1. OpenMRS Core
  2. TRUNK-3709

Secret answer should be encrypted

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Should
    • Resolution: Fixed
    • Affects Version/s: Platform 1.10.0
    • Fix Version/s: Platform 2.0.0
    • Component/s: None
    • Labels:
    • Complexity:
      Medium

      Description

      The secret answer should not be stored as free text; rather, it should be encrypted with salt like the password. For example, something like:

      String hashedAnswer = Security.encodeString(
        answer + credentials.getSalt(salt));
      

      within the HibernateUserDAO.changeQuestionAnswer(...) method.

      Ideally, as this change is introduced, all secret answers in the database would be hashed in this manner.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jkondrat Jakub Kondrat
              Reporter:
              burke Burke Mamlin
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 1 day Original Estimate - 1 day
                  1d
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 day, 5 hours
                  1d 5h