Import to app_user and encrypt password

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Import to app_user and encrypt password

diegzgz
Hi, I'm using the appfuse-modular-spring-archetype.

I have a large database of users with passwords unencrypted, I would like to import them to appfuse (to app_user) and encrypt the password.
Is there a proper way to do this?

My first idea was to use the sql's SHA2 function to do the import:
INSERT INTO new_table(username, password) SELECT username, SHA2(password, 254) FROM old_table;
but appfuse doesn't use this encryption :(

Should I change the encryption in appfuse to some encryption that can be done with sql like sh2 or md5? If so, how? Which files do I have to modify?
Or is there any way to easily encrypt those passwords using the encryption used by appfuse and import the data?

I searched the forum but found nothing, any help? Thank you and sorry for my english :)
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Import to app_user and encrypt password

mraible
Administrator
AppFuse uses the BCryptPasswordEncoder by default - from security.xml:

    <authentication-manager>
        <authentication-provider user-service-ref="userDao">
            <password-encoder ref="passwordEncoder"/>
        </authentication-provider>
    </authentication-manager>

    <!-- Override the default password-encoder (BCrypt) by uncommenting the following and changing the class -->
    <!-- <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/> —>

Here’s an article that explains it well:

http://www.mkyong.com/spring-security/spring-security-password-hashing-example/

Maybe you can write a utility class that does something like this:

BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
String hashedPassword = passwordEncoder.encode(password);

You could also change the default password encoder to something that fits your system better.

Hope this helps,

Matt

> On May 26, 2016, at 9:40 AM, diegzgz <[hidden email]> wrote:
>
> Hi, I'm using the appfuse-modular-spring-archetype.
>
> I have a large database of users with passwords unencrypted, I would like to
> import them to appfuse (to app_user) and encrypt the password.
> Is there a proper way to do this?
>
> My first idea was to use the sql's SHA2 function to do the import:
> /INSERT INTO new_table(username, password) SELECT username, SHA2(password,
> 254) FROM old_table;/
> but appfuse doesn't use this encryption :(
>
> Should I change the encryption in appfuse to some encryption that can be
> done with sql like sh2 or md5? If so, how? Which files do I have to modify?
> Or is there any way to easily encrypt those passwords using the encryption
> used by appfuse and import the data?
>
> I searched the forum but found nothing, any help? Thank you and sorry for my
> english :)
>
>
>
> --
> View this message in context: http://appfuse.547863.n4.nabble.com/Import-to-app-user-and-encrypt-password-tp4657913.html
> Sent from the AppFuse - User mailing list archive at Nabble.com.

Loading...