Override a specific class PwdEncryptor liferay 6.2
Question
I want to implement a specific algorithm (a combinaison of SHA and MD5) to encode passwords is there a way to override PwdEncryptor class specificly the encrypt method, i tried to add a package to my project with the same name of the original one com.liferay.portal.security.pwd but apparently it doesnt work
1 answers
solution1
0 2021-05-07 07:02:32
First: Touching anything in this matter, coming up with extra-clever hashing, typically only weakens your system. You should leave cryptography and hashing to those who do this professionally. MD5 should be wiped from the list of useful hashes for password storage by now.
Further more, Liferay's default password hashing in 6.2 is PBKDF2WithHmacSHA1/160/128000 - so you'll actually weaken it by choosing something like your suggestion.
The technical answer to your question: I believe that Liferay 6.x didn't make the password hashing algorithms an extension point, so you're stuck with an ext plugin. If you're ever planning an upgrade though (and you should, Liferay 6.2 is 5 years out of date by now - and mocking with password hashing sounds like you're somewhat security-conscious) this is a great way to plant obstacles and prepare yourself to complain about high upgrade efforts later. Don't do this. Rather upgrade now and accept the industry standard.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.