Page 1 of 1

How to Store Passwords Securely in the Database

Posted: Wed Oct 18, 2017 6:53 am
by tsupartono
With the release of EPC 141070 that introduces cryptographic hash functions for RDMLX, it’s a good time to talk about password security.
Read on if you are developing or maintaining websites that keeps a user database.

https://blogs.developer.lansa.com/secur ... d-storage/

We’ll talk about some best practices that you can employ to minimise the risk of your users’ passwords falling into the wrong hands, and how to do cryptographic hashing in RDMLX.

Re: How to Store Passwords Securely in the Database

Posted: Mon Jul 30, 2018 5:40 pm
by RobboRobson
Wouldn't do it a product I worked on recently had their database on an IBMi but used a mixture of .NET and RPG applications to run their software.

If you are using an IBMi use it for you passwords etc. as this place had issues with changing passwords etc. became a support nightmare and a sales issue

Re: How to Store Passwords Securely in the Database

Posted: Tue Jul 31, 2018 9:55 am
by BrendanB
with the new REST api features, you may be able to create a secure API that can be used by .Net/RPG/java etc that will do the password checking for you. and an API to handle 'change password' functions.

This would bring you back to a single 'point-of-failure' -- your LANSA server module. Much easier to secure than different routines in different languages, and calling a REST api should be simple from most languages.