Uploaded image for project: 'OpenMRS Core'
  1. OpenMRS Core
  2. TRUNK-3709

Secret answer should be encrypted

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Should
    • Resolution: Fixed
    • Affects Version/s: Platform 1.10.0
    • Fix Version/s: Platform 2.0.0
    • Component/s: None
    • Labels:

      Description

      The secret answer should not be stored as free text; rather, it should be encrypted with salt like the password. For example, something like:

      String hashedAnswer = Security.encodeString(
        answer + credentials.getSalt(salt));
      

      within the HibernateUserDAO.changeQuestionAnswer(...) method.

      Ideally, as this change is introduced, all secret answers in the database would be hashed in this manner.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                jkondrat Jakub Kondrat
                Reporter:
                burke Burke Mamlin
                Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:

                    Time Tracking

                    Estimated:
                    Original Estimate - 1 day Original Estimate - 1 day
                    1d
                    Remaining:
                    Remaining Estimate - 0 minutes
                    0m
                    Logged:
                    Time Spent - 1 day, 5 hours
                    1d 5h