Chand, Why is this better than what we have, what problems does it address that you have found in OfBiz?
- Andrew On Thu, 2007-02-01 at 22:26 -0800, Chandresh Turakhia wrote: > Team, > > Is it worth looking at > > http://www.jasypt.org/faq.html > > Jasypt (Java Simplified Encryption) has released version 1.0. Jasypt allows > the developer to add basic encryption capabilities to his/her projects with > minimum effort, and without the need of having deep knowledge on how > cryptography works. > > Feature Overview: > * It follows the RSA standards for Password-Based Cryptography. > * It is completely thread-safe. > * Can be both used in an "easy" way, with almost no difficulty, or in a > highly-configurable, power-user way. > * It provides comprehensive guides and javadoc documentation, to allow > developers to better understand what they are really doing to their data. > * It provides a Hibernate integration add-on (jasypt-hibernate) for > persisting fields of your mapped entities in an encrypted manner. Encryption > of fields is defined in the Hibernate mapping files, and it remains > transparent for the rest of the application (useful for sensitive personal > data, databases with many read-enabled users...) > * It can be perfectly integrated into a Spring application. All the > digesters and encryptors in jasypt are designed to be easily used > (instantiated, dependency-injected...) from an IoC container like Spring. > And, because of it being thread-safe, they can be used without worries in a > singleton-oriented environment like Spring. > * It allows a very high lever of configurability: The developer can > implement tricks like instructing an "encryptor" to ask a, for example, > remote HTTPS server for the password to be used for encryption. > > ----- Original Message ----- > From: "Chandresh Turakhia" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]>; <dev@ofbiz.apache.org>; > <[EMAIL PROTECTED]> > Sent: Thursday, January 25, 2007 3:03 AM > Subject: Re: How do I decrypt passwords? > > > Andrew & Drew, > > May I bring to light an different aspect of password generation : > > It generates the **same** "encrypted password" every time. e.g > "test" may generate "XYXQ1111" . for the next test as password it will also > generate "XYXQ1111". > > I needed to stop user from registering with standard passwords like > "test" ; "test123" ; "bharti" etc. All I had to do is run the program > which checks for these "standard generated passwords" and check with > "generated user entered password" in batch or online. It case string matches > , stop him from completing the process. I admit it was really dirty hack. > > This is debatable issues - It is feature or bug :) Ofbiz being > Open source ; it has far more implication. > > Can password generation be parameterized so the generated password > is different. > > Chand > > > ----- Original Message ----- > From: "Andrew Sykes" <[EMAIL PROTECTED]> > To: <dev@ofbiz.apache.org> > Sent: Wednesday, January 24, 2007 8:08 AM > Subject: Re: How do I decrypt passwords? > > > > Drew, > > > > I believe the encryption is asynchronous, i.e. not reversible. > > > > - Andrew > > > > On Wed, 2007-01-24 at 10:33 -0500, Stephens, Drew wrote: > >> I have a question about decrypting passwords from the User_Login table. > >> We need to prepare a file of User ID and passwords to an external > >> system, I think I have found the programming used to encrypt and save > >> the password to the database but I could find not any logic to decrypt > >> the password. Obviously, if we can't decrypt we can't provide the > >> password. I don't want to reverse engineer the encryption logic and > >> then write a new decryption logic; I want to use something that already > >> exists. > >> > >> We are running an old version of OFBIZ, I think 1.1 but I don't remember > >> exactly how to find out for sure. > >> > >> Thanks for any help you can provide. > >> > >> > >> Drew Stephens > >> Rippe & Kingston Systems, Inc. > >> [EMAIL PROTECTED] > >> Phone: (513) 977-4573 > >> > >> Visit us at: www.rippe.com > >> > >> 1077 Celestial Street, Cincinnati, Ohio 45202-1696 > >> > >> ======================================================================== > >> ======= > >> > >> > > -- > > Kind Regards > > Andrew Sykes <[EMAIL PROTECTED]> > > Sykes Development Ltd > > http://www.sykesdevelopment.com > > > > > > -- Kind Regards Andrew Sykes <[EMAIL PROTECTED]> Sykes Development Ltd http://www.sykesdevelopment.com