-
Type:
Story
-
Status: Closed (View Workflow)
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: None
-
Labels:None
-
Sprint:System Health Sprint 2
-
Story Points:8
-
Work Type Classification:Sustaining
As a developer, I would expect that user passwords are encrypted at rest in the database.
Passwords are stored in the db with an MD5 hash rather than a more secure SHA256 encryption. Passwords are also sent to MxConnect in plain text, we should update the security so that passwords are salted and nonced prior to being sent to the server.
- implements
-
CFAMX-1274 Upgrade Password Security (INF-2183)
-
- Closed
-
1.
|
Create Test Scripts |
|
Done | Kevin Reid (Inactive) |
|
||||||||
2.
|
Deploy |
|
Done | Unassigned |
|
||||||||
3.
|
Functional Review |
|
Done | Unassigned |
|
||||||||
4.
|
DIT |
|
Done | Caner Saritac |
|
||||||||
5.
|
Research best method for encryption |
|
Done | Caner Saritac |
|
||||||||
6.
|
Migrate existing users to encrypt password |
|
Done | Caner Saritac |
|
||||||||
7.
|
Implement password database encryption |
|
Done | Caner Saritac |
|
||||||||
8.
|
Documentation |
|
Done | Caner Saritac |
|
||||||||
9.
|
Locate and fix passwords sent in cleartext |
|
Done | Caner Saritac |
|
||||||||
10.
|
Execute Test Scripts |
|
Done | Kevin Reid (Inactive) |
|
