How to Store Passwords Securely in the Database

This forum allows developers to post programming tips and coding techniques that may be useful to other Visual LANSA developers. The information contained in this forum has not been validated by LANSA and, as such, LANSA cannot guarantee the accuracy of the information.
Post Reply
tsupartono
Posts: 49
Joined: Wed Jan 25, 2017 11:12 am

How to Store Passwords Securely in the Database

Post by tsupartono » Wed Oct 18, 2017 6:53 am

With the release of EPC 141070 that introduces cryptographic hash functions for RDMLX, it’s a good time to talk about password security.
Read on if you are developing or maintaining websites that keeps a user database.

https://blogs.developer.lansa.com/secur ... d-storage/

We’ll talk about some best practices that you can employ to minimise the risk of your users’ passwords falling into the wrong hands, and how to do cryptographic hashing in RDMLX.

RobboRobson
Posts: 2
Joined: Mon Jul 30, 2018 5:10 pm

Re: How to Store Passwords Securely in the Database

Post by RobboRobson » Mon Jul 30, 2018 5:40 pm

Wouldn't do it a product I worked on recently had their database on an IBMi but used a mixture of .NET and RPG applications to run their software.

If you are using an IBMi use it for you passwords etc. as this place had issues with changing passwords etc. became a support nightmare and a sales issue

BrendanB
Posts: 20
Joined: Tue Nov 24, 2015 10:29 am

Re: How to Store Passwords Securely in the Database

Post by BrendanB » Tue Jul 31, 2018 9:55 am

with the new REST api features, you may be able to create a secure API that can be used by .Net/RPG/java etc that will do the password checking for you. and an API to handle 'change password' functions.

This would bring you back to a single 'point-of-failure' -- your LANSA server module. Much easier to secure than different routines in different languages, and calling a REST api should be simple from most languages.

Post Reply