Asset Bank can optionally encrypt* users' passwords before storing them in the Asset Bank database.
Note: this is the default behaviour in more recent versions of Asset Bank.
If your Asset Bank is currently storing passwords unencrypted and you would like to change that, take one of the two approaches below.
For newly installed Asset Banks (no new or changed users after installation)
- Open <tomcat home>\webapps\asset-bank\WEB-INF\classes\ApplicationSettings.properties in a text editor
- Search for the setting 'encrypt-passwords'
- Change its value to true
- Save and close the settings file
- Restart Tomcat
For Asset Banks that have had users added to them or existing users modified
- Take a backup of your Asset Bank database
- Log in to your Asset Bank as an admin user
- Before version 3.1420: run the action http://<urlOfAssetBank>/action/encryptPasswords and wait to be redirected back to the homepage
  After version 3.1420: run the "Encrypt Passwords" action from the developer page under "Admin > System > Developer"
  Note: you will not need to change the settings file, since the "encrypt password" action will do it for you.
- Ask users to test their login to make sure that the encryption has worked and that they can still log in
- If for any reason there are problems with user login after the encryption, restore the backup of the database and contact our support team
*Technically speaking, the passwords are salted and one-way hashed.