[opencms-dev] Reply: Re: OpenCMS - saving user passwords
martin.rosenthal at oerag.de
Mon Aug 31 12:23:50 CEST 2020
Hello Filip,
thank you very much for your quick reply.
Regards,
Martin
From: Filip.Kratochvil at ibacz.eu
To: "The OpenCms mailing list" <opencms-dev at opencms.org>
Date: 31.08.2020 12:18
Subject: Re: [opencms-dev] OpenCMS - saving user passwords
Sent by: opencms-dev-bounces at opencms.org
Hello Martin,
OpenCms uses the SCrypt function for password generation (which uses a salt):
https://en.wikipedia.org/wiki/Scrypt
The password handler with its parameters is configured in the opencms-system.xml
config file.
By default "CmsDefaultPasswordHandler" is used, but you can configure
"CmsAdvancedPasswordHandler" (it has stronger requirements for user
password complexity, but it can be too annoying in some cases).
https://documentation.opencms.org/javadoc/core/org/opencms/security/CmsDefaultPasswordHandler.html
https://documentation.opencms.org/javadoc/core/org/opencms/security/CmsAdvancedPasswordHandler.html
S pozdravem / Kind regards
Filip Kratochvil
Web & Portal Consultant
IBA CZ, s.r.o.
-----opencms-dev-bounces at opencms.org wrote: -----
To: "The OpenCms mailing list" <opencms-dev at opencms.org>
From: martin.rosenthal at oerag.de
Sent by: opencms-dev-bounces at opencms.org
Date: 08/31/2020 11:23AM
Subject: [opencms-dev] OpenCMS - saving user passwords
Hello,
I've got a question about the storage of OpenCms user passwords. I can see
that the passes are stored in a hashed form in the database. For the
generation of the hash, is there additionally a kind of salt used to encrypt
the pass?
It's a question from our IT security commissioner to which I didn't have an
answer.
Thanks and regards,
Martin Rosenthal
_______________________________________________
This mail is sent to you from the opencms-dev mailing list
To change your list options, or to unsubscribe from the list, please visit
http://lists.opencms.org/cgi-bin/mailman/listinfo/opencms-dev
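
As an added example (not part of the thread and not OpenCms code), this shows what the salt mentioned in the reply contributes: the same password hashed twice with scrypt gives different stored records, and verification re-derives the key from the salt kept in the record. The record layout, cost parameters and function names are assumptions made for the example and are not OpenCms's stored format.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Assumed cost parameters for this example; not read from OpenCms.
N, R, P, KEY_LEN, SALT_LEN = 2**14, 8, 1, 32, 16
MAX_N = 2**20  # refuse records that would demand excessive memory


def _derive(password: str, salt: bytes, n: int, r: int, p: int, dklen: int) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p, dklen=dklen)


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'scrypt$n$r$p$salt$key' (constructed layout, base64 fields)."""
    salt = os.urandom(SALT_LEN) if salt is None else salt  # fresh salt per password
    key = _derive(password, salt, N, R, P, KEY_LEN)
    enc = lambda b: base64.b64encode(b).decode("ascii")
    return f"scrypt${N}${R}${P}${enc(salt)}${enc(key)}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the key with the salt and parameters stored in the record."""
    try:
        scheme, n, r, p, salt_b64, key_b64 = record.split("$")
        if scheme != "scrypt" or int(n) > MAX_N:
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(key_b64, validate=True)
        candidate = _derive(password, salt, int(n), int(r), int(p), len(expected))
    except (ValueError, TypeError):
        return False  # malformed record or unusable parameters
    return hmac.compare_digest(candidate, expected)  # constant-time comparison


if __name__ == "__main__":
    first = hash_password("correct horse")   # constructed sample password
    second = hash_password("correct horse")
    print(first)
    print(second)
    print("records differ:", first != second)
    print("verifies:", verify_password("correct horse", second))
```

Because each record carries its own random salt, two users with the same password do not share a hash, and a precomputed table of unsalted hashes does not match any row.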