https://connect.hyland.com/t5/nuxeo-forum/encrypt-nuxeo-password-in-database/m-p/314904#M1905 <P>Only the initial Administrator password, that is the word "Administrator", is not encrypted as the assumption was made that it needs to be reset anyway to make it secure. The moment you change the Administrator password, it does get encrypted.</P> <P>Please make a test and change your Administrator password and then query the users table to see if that indeed is the case.</P> Mon, 27 Aug 2012 23:24:09 GMT Wojciech_Sulejm 2012-08-27T23:24:09Z https://connect.hyland.com/t5/nuxeo-forum/encrypt-nuxeo-password-in-database/m-p/314903#M1904 <P>We are using Nuxeo 5.6-RC2. We are connecting via oracle template. We have also customized nuxeo to use our customized pre-made users instead default nuxeo users.</P> <P>Now, username and password Administrator and Administrator are placed in MY_CUSTOMIZED_USERS table, and obviously they are not encrypted. In production environment, users have access to database and they can see Administrator password.</P> <P>Is there anyway we can customize Nuxeo to have our login passwords in database encrypted?</P> Mon, 27 Aug 2012 07:35:27 GMT https://connect.hyland.com/t5/nuxeo-forum/encrypt-nuxeo-password-in-database/m-p/314903#M1904 SMAH_Haider 2012-08-27T07:35:27Z https://connect.hyland.com/t5/nuxeo-forum/encrypt-nuxeo-password-in-database/m-p/314904#M1905 <P>Only the initial Administrator password, that is the word "Administrator", is not encrypted as the assumption was made that it needs to be reset anyway to make it secure. The moment you change the Administrator password, it does get encrypted.</P> <P>Please make a test and change your Administrator password and then query the users table to see if that indeed is the case.</P> Mon, 27 Aug 2012 23:24:09 GMT https://connect.hyland.com/t5/nuxeo-forum/encrypt-nuxeo-password-in-database/m-p/314904#M1905 Wojciech_Sulejm 2012-08-27T23:24:09Z https://connect.hyland.com/t5/nuxeo-forum/encrypt-nuxeo-password-in-database/m-p/314905#M1906 <P>Thanks Wojciech I changed the password and as you said it got encrypted in database. But as we have made our custom users by making our own user directory.</P> Tue, 28 Aug 2012 11:23:34 GMT https://connect.hyland.com/t5/nuxeo-forum/encrypt-nuxeo-password-in-database/m-p/314905#M1906 SMAH_Haider 2012-08-28T11:23:34Z https://connect.hyland.com/t5/nuxeo-forum/encrypt-nuxeo-password-in-database/m-p/314906#M1907 <P>If <CODE>&lt;passwordHashAlgorithm&gt;SSHA&lt;/passwordHashAlgorithm&gt;</CODE> is in the config then Nuxeo will encrypt any password it writes, but will still be able to read unencrypted ones.</P> <P>If you populate the password database using an external system, then you'll have to do the encryption yourself. You can see how SSHA is implemented by reading the code at <A href="https://github.com/nuxeo/nuxeo-services/blob/master/nuxeo-platform-directory/nuxeo-platform-directory-sql/src/main/java/org/nuxeo/ecm/directory/sql/PasswordHelper.java" target="test_blank">https://github.com/nuxeo/nuxeo-services/blob/master/nuxeo-platform-directory/nuxeo-platform-directory-sql/src/main/java/org/nuxeo/ecm/directory/sql/PasswordHelper.java</A></P> Thu, 30 Aug 2012 19:54:49 GMT https://connect.hyland.com/t5/nuxeo-forum/encrypt-nuxeo-password-in-database/m-p/314906#M1907 Florent_Guillau 2012-08-30T19:54:49Z https://connect.hyland.com/t5/nuxeo-forum/encrypt-nuxeo-password-in-database/m-p/314907#M1908 <P>Perfect. Thanks Florent.</P> Tue, 25 Sep 2012 08:14:32 GMT https://connect.hyland.com/t5/nuxeo-forum/encrypt-nuxeo-password-in-database/m-p/314907#M1908 SMAH_Haider 2012-09-25T08:14:32Z