Hitachi Vantara Pentaho Community Forums

Thread: How to work with encrypted user passwords?

  1. #1

    How to work with encrypted user passwords?

    We are facing a challenge with authenticating users so they can get in to the Pentaho admin console. We are using the JDBC security DAO (Oracle) and our users table is supposed to store the password in an encrypted digest form.

    From what I know, there is no function we can use in the SQL to decrypt this password when trying to authenticate users. So I wanted to know if there is a way we can apply our custom encryption function to the plain-text password passed by the login screen to the acegi authentication routine.

    Any ideas, anyone?
    Thanks!

  2. #2
    Join Date
    Nov 2006
    Posts
    171


    Hi,

    in WEB-INF/applicationContext-acegi-security-jdbc.xml
    replace
    Code:
    <bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.PlaintextPasswordEncoder" />
    by
    Code:
    <bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.Md5PasswordEncoder" />
    or with the class name corresponding to the digest you use. I just tried it and it works.

    Cheers,
    Ulrich

  3. #3

    Better security

    The MD5 hash is in most cases secure enough...
    BUT when a person has access to your user table, he can guess by recurring hash text if some passwords are the same. You can imagine that some default passwords are easy to guess.

    Is there a way to make the password encoding more secure?? Like salting the password with username (or something) and then hash it?

  4. #4
    Join Date
    Oct 2007
    Posts
    235


    You can add a salt source which would mean they would have to recalculate the hash for every username, preventing them from using rainbow tables at least.

    add this to your daoAuthenticationProvider in applicationContext-acegi-security-jdbc.xml
    Code:
    <property name="saltSource"><ref bean="saltSource"/></property>
    then add the following bean:
    Code:
    <bean id="saltSource" class="org.acegisecurity.providers.dao.salt.ReflectionSaltSource">
        <property name="userPropertyToUse" value="getUsername"/>
    </bean>
    For more information have a look at the acegi docs.

    good luck

    Wil
    SQL: as much of a standard as the English language
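
Added example, not part of the thread or of Acegi's own code: a Python sketch of what the two configurations above leave in the password column, and of the repeated-digest check raised in post #3. It assumes Md5PasswordEncoder stores lower-case hex MD5 and merges a salt as `password{salt}`; the accounts and function names are constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample accounts (username, clear-text password); not from the thread.
USERS = [("joe", "password"), ("suzy", "password"), ("pat", "s3cret-Pat")]


def merge_password_and_salt(password, salt=None):
    """Assumed Acegi merge rule: 'password{salt}', or the bare password if no salt."""
    if salt is None or salt == "":
        return password
    return "%s{%s}" % (password, salt)


def md5_encode(password, salt=None):
    """Lower-case hex MD5 of the merged string, the value kept in the password column."""
    merged = merge_password_and_salt(password, salt)
    return hashlib.md5(merged.encode("utf-8")).hexdigest()


def is_password_valid(stored, presented, salt=None):
    """Re-encode the presented password and compare it with the stored digest."""
    return hmac.compare_digest(stored, md5_encode(presented, salt))


def build_table(salted):
    """Rows as the users table would hold them, with or without the username salt."""
    return [(u, md5_encode(p, u if salted else None)) for u, p in USERS]


def shared_digests(rows):
    """Map each digest that occurs more than once to the usernames sharing it."""
    groups = defaultdict(list)
    for username, digest in rows:
        groups[digest].append(username)
    return {d: sorted(names) for d, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    print("unsalted:", shared_digests(build_table(salted=False)))
    print("salted:  ", shared_digests(build_table(salted=True)))
    old_row = md5_encode("password")  # digest saved before saltSource was added
    print("old row still valid for joe:", is_password_valid(old_row, "password", "joe"))
```

Digests saved before the salt source was added no longer validate, so existing passwords have to be re-saved after the change.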

  5. #5

    MD5 passwords and the administration console

    I am also trying to get the admin console working with md5 encrypted passwords. Where are the settings where the encryption method is defined for insert or update user passwords?

  6. #6
    Join Date
    Oct 2006
    Posts
    817


    The admin console will use the password encoder defined in applicationContext-spring-security-hibernate.xml. If you change the encoder after saving user passwords, you will have to re-save them to get the admin console to encode using the latest password encoder.

  7. #7

    Thumbs up

    I use the applicationContext-spring-security-jdbc.xml and not the hibernate xml....
    in applicationContext-spring-security-jdbc.xml I have:
    <bean id="passwordEncoder" class="org.springframework.security.providers.encoding.Md5PasswordEncoder" />

    So you have to edit applicationContext-spring-security-hibernate.xml even when you don't use it...(???!!!)

    <bean id="passwordEncoder" class="org.springframework.security.providers.encoding.Md5PasswordEncoder" />

    Strange but it works

  8. #8
    Join Date
    Sep 2009
    Posts
    7

    same problem to me.....

    Hi,
    I am also using Pentaho version 3.5. I have done the configuration for a MySQL database. I am able to create user role in my MySQL database. By default the application uses PlaintextPasswordEncoder. But the problem is that when I try to log in it gives me a login error for bad password. When I change my password to plain text, not encrypted, it works, and I am able to log in. I also tried changing the provider in the applicationContext-spring-security-jdbc.xml file to
    org.hibernate.providers.encoding.Md5PasswordEncode.
    But it's not working.

    So please, if anybody has solved this issue, please give me a solution.
    Thanks in advance.

    Thanks
    Amol Patil.
    Thanks....
    Jeevan

  9. #9
    Join Date
    Sep 2009
    Posts
    14

    Problem with user authentication

    Hi Jeevan,

    I have been trying to configure MySQL with Pentaho BI server 3.5 RC2 to do login authentication. I got screwed up setting up Pentaho with the help of the Wiki and created my set of files,
    biserver-ce-3.5.0.RC2\biserver-ce\pentaho-solutions\system\
    applicationContext-spring-security-mytestDB.xml
    applicationContext-pentaho-security-mytestDB.xml

    and I have configured META-INF\Context.xml and Simple-jndi.

    But I am unable to load the users list in Login Scroll down, Security and Roles..
    Shall I have to create the authorities table in my database???
    I don't know what to do.....

    Help me out to fix this..
    Would be grateful...

    Thx
    Murali

  10. #10
    wvaibhav Guest

    Regarding bypassing login

    Hi Wil/Ulrich,

    I am using BI 3.5. After publishing the report, I have provided the same report link from my existing web app, which already has a security mechanism.

    Now, how can I bypass the Pentaho login page, so as to show the reports directly to the user without any authentication? Please guide me.

    Thanks
    vaibhav Kumar

  11. #11
    Join Date
    Aug 2016
    Posts
    18

    how to encrypt the password in 6.1 version bi server

    We are trying to encrypt the password in the 6.1 version BI server but we can't, so anyone help me



    Quote: Originally posted by ulrich
    Hi,

    in WEB-INF/applicationContext-acegi-security-jdbc.xml
    replace
    Code:
    <bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.PlaintextPasswordEncoder" />
    by
    Code:
    <bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.Md5PasswordEncoder" />
    or with the class name corresponding to the digest you use. I just tried it and it works.

    Cheers,
    Ulrich

  12. #12
    Join Date
    Apr 2007
    Posts
    2,010


    For anyone who comes across this, detailed blog here:

    https://dankeeley.wordpress.com/2018...ds-with-salts/
