3.36. Password Encryption

Warning

You are looking at documentation for an older release. Not what you want? See the current release documentation.

For security, the user passwords are encrypted before being stored into the database. When a user logs in, he provides a password in clear text. This given password is then encrypted by the same algorithm and the same encoder class before being compared with the stored password. If they match, the user gets authenticated.

As of eXo Platform 4.3, the encoder and the algorithm can be configured via exo.properties file.

Note

It is not likely administrators will want to change the default encoder and algorithm. However for users who upgrade from a previous version older than 4.3, it is important to know that the default encoder and the default algorithm have changed, so you will need to re-configure it back to the old one which has been used, otherwise old users will not be able to log in.

Before 4.3, the defaults are:

As of 4.3, the defaults are:

To change the defaults in 4.3 back to the old ones, edit exo.properties to have:

exo.plidm.password.class=org.picketlink.idm.impl.credential.HashingEncoder
exo.plidm.password.hash=MD5
Copyright ©. All rights reserved. eXo Platform SAS
blog comments powered byDisqus