IMO the password field should be encrypted when it is stored in the database. That means the password should be encrypted from the backend and decrypted each time from the backend once requested.
Thanks.

*Maninda Edirisooriya*
Senior Software Engineer
*WSO2, Inc.*lean.enterprise.middleware.
*Blog* : http://maninda.blogspot.com/
*E-mail* : [email protected]
*Skype* : @manindae
*Twitter* : @maninda

On Mon, Mar 16, 2015 at 10:46 AM, Sithumini Senevirathne <[email protected]> wrote:

> Hi all,
>
> Currently registry does not have password field support for RXTs and I'm
> working on implementing this.
>
> This implementation comes with several concerns as below,
>
> 1. UI aspect of the password field
> 2. Security aspect of the password fields
>
> The solution for the concern #1 is,
>
> 1. Created a new "PasswordFiels" class in
> "org.wso2.carbon.governance.generic.ui.common.dataobject"
>
> Regarding the security concern of the password field, I identified several
> challenges.
>
> - When to encrypt the password field content.
> - Whether the encryption should be in UI side or backend side?
> - When to decrypt the password field content.
> - Whether the decryption should be done every time it is viewed or
> decrypt the password field content as necessary upon request of the user?
>
> Please give your suggestions regarding these concerns.
>
> Thanks,
> Regards,
> Sithumini
> --
> --
> Sithumini Senevirathne
> Software Engineer
> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>
> email: [email protected], mobile: +94 756977999
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
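The approach suggested in the reply (encrypt in the backend before the value reaches the database, decrypt in the backend when requested), as an added example that is not code from this thread or from WSO2. The class name, field name, in-memory map standing in for the registry database, and the choice of AES-GCM are all assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Hypothetical class, not part of the registry code base.
public class PasswordFieldStore {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecretKey key; // assumption: loaded from a protected keystore in a real deployment
    private final Map<String, String> db = new HashMap<>(); // stands in for the registry database
    private final SecureRandom rng = new SecureRandom();

    PasswordFieldStore(SecretKey key) { this.key = key; }

    // Backend encrypts before persisting; a fresh IV per write, field name bound as AAD.
    void save(String field, String plaintext) throws Exception {
        byte[] iv = new byte[IV_LEN];
        rng.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(field.getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[IV_LEN + ct.length];
        System.arraycopy(iv, 0, out, 0, IV_LEN);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        db.put(field, Base64.getEncoder().encodeToString(out)); // only IV + ciphertext is stored
    }

    // Ordinary views get a mask; decryption runs only on an explicit request.
    // Assumption: the caller has already authorized the reveal request.
    String view(String field, boolean reveal) throws Exception {
        if (!reveal) return "********";
        byte[] in = Base64.getDecoder().decode(db.get(field));
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        c.updateAAD(field.getBytes(StandardCharsets.UTF_8));
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        PasswordFieldStore s = new PasswordFieldStore(kg.generateKey());
        s.save("endpoint_password", "constructed-sample-secret"); // constructed sample value
        System.out.println("stored:     " + s.db.get("endpoint_password"));
        System.out.println("list view:  " + s.view("endpoint_password", false));
        System.out.println("on request: " + s.view("endpoint_password", true));
    }
}
```

Binding the field name as associated data makes decryption fail if a stored ciphertext is moved to a different field.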
