Uploaded image for project: 'CFA MX '
  1. CFA MX
  2. CFAMX-9290

Implement password database encryption

    Details

    • Type: Story
    • Status: Closed (View Workflow)
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Sprint:
      System Health Sprint 2
    • Story Points:
      8
    • Work Type Classification:
      Sustaining

      Description

      As a developer, I would expect that user passwords are encrypted at rest in the database.

      Passwords are stored in the db with an MD5 hash rather than a more secure SHA256 encryption. Passwords are also sent to MxConnect in plain text, we should update the security so that passwords are salted and nonced prior to being sent to the server.

        Attachments

          Issue Links

          implements

          Feature Request - CFAMX-1274 Upgrade Password Security (INF-2183)

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          There are no Sub-Tasks for this issue.

            Activity

              People

              • Assignee:
                Corey.Amend Corey Amend (Inactive)
                Reporter:
                Corey.Amend Corey Amend (Inactive)
              • Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 53h
                  53h
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 25h 34m Time Not Required
                  25h 34m

                    PagerDuty

                    Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.