Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Hash Function

Joget is now more secured secure with advanced hashing implementation for passwords. Joget's password storage is now equipped with The hash function used is SHA-256 . The Salts have been used with hashing. The Hashing algorithm  being used is PBEWithMD5AndDES for 2 way encryption. 
<Still needs update. Waiting for clarifications>with added salt.

2-Way Encryption

The default algorithm being used for 2-way encryption is PBEWithMD5AndDES. If stronger encryption is required, the encryption implementation can be replaced with a custom DataEncryption implementation in /WEB-INF/classes/customApplicationContext.xml e.g.

Code Block
languagexml
<!-- Sample custom DataEncryption implementation -->
<bean id="dataEncryption" class="custom.CustomDataEncryptionImpl">
    <property name="some_property" value="some_value"/>
</bean>



Warning
NOTE: If any encryption key or implementation changes are to be implemented, they must be done right at the beginning of any deployment as all previous encrypted strings would become unreadable.