Hash Function

Joget is now more secure, with an advanced hashing implementation for passwords. The hash function used is SHA-256 with an added salt.

2-Way Encryption

The default algorithm for 2-way encryption is PBEWithMD5AndDES. If stronger encryption is required, the encryption implementation can be replaced with a custom DataEncryption implementation in /WEB-INF/classes/customApplicationContext.xml, for example:

<!-- Sample custom DataEncryption implementation -->
<bean id="dataEncryption" class="custom.CustomDataEncryptionImpl">
    <property name="some_property" value="some_value"/>
</bean>

NOTE: Any change to the encryption key or implementation must be made right at the beginning of a deployment, because all previously encrypted strings would become unreadable.
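
The following added example, which is not Joget's own code, shows the cryptographic core that a class named as in the bean above could use in place of PBEWithMD5AndDES: AES-256-GCM with a fresh random IV per value. The `encrypt`/`decrypt` method names and the `keyBase64` property are assumptions, and the class does not declare Joget's DataEncryption interface; its `main` shows the effect described in the note, where a value stored under one key cannot be read after the key changes.

```java
package custom;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example, not Joget code: method names and the keyBase64 property are assumptions.
public class CustomDataEncryptionImpl {
    private static final SecureRandom RNG = new SecureRandom();
    private SecretKeySpec key;

    // Setter for a hypothetical <property name="keyBase64" .../>; expects 32 random bytes, base64-encoded.
    public void setKeyBase64(String k) { key = new SecretKeySpec(Base64.getDecoder().decode(k), "AES"); }

    // Output layout: base64(iv[12] || ciphertext || 16-byte GCM tag).
    public String encrypt(String raw) throws GeneralSecurityException {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(raw.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return Base64.getEncoder().encodeToString(out);
    }

    // Reads the IV from the first 12 bytes; the GCM tag check rejects tampered data or a wrong key.
    public String decrypt(String stored) throws GeneralSecurityException {
        byte[] in = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
        return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        CustomDataEncryptionImpl enc = new CustomDataEncryptionImpl();
        byte[] k = new byte[32];
        RNG.nextBytes(k);
        enc.setKeyBase64(Base64.getEncoder().encodeToString(k));
        String stored = enc.encrypt("constructed-sample-secret"); // constructed sample value
        System.out.println(enc.decrypt(stored));
        RNG.nextBytes(k); // simulate a key change after data was stored
        enc.setKeyBase64(Base64.getEncoder().encodeToString(k));
        try { enc.decrypt(stored); }
        catch (AEADBadTagException e) { System.out.println("stored value is unreadable under the new key"); }
    }
}
```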