Uploaded image for project: 'OpenMRS Core'
  1. OpenMRS Core
  2. TRUNK-1564

Move passwords from global properties into runtime properties file

    XMLWordPrintable

Details

    • New Feature
    • Status: Closed
    • Should
    • Resolution: Incomplete
    • None
    • OpenMRS 1.6.0
    • Scheduler
    • None

    Description

      We need to figure out a way to handle encryption/decryption of passwords in the global properties table.

      The scheduler component (org.openmrs.scheduler) requires a username/password, so that its scheduled tasks can make calls to the service layer. Originally, the username and password for the scheduler component was declared in a constants file (SchedulerConstants). For security reasons, we decided to remove the password from the source code and move it into the global properties table in the database. The password is still in cleartext (in the database) and therefore poses a security risk. We would like to figure out a general scheme for encrypting passwords like these in the database.

      Gliffy Diagrams

        Attachments

          Activity

            People

              jmiranda Justin Miranda [X] (Inactive)
              jmiranda Justin Miranda [X] (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: