Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
Description
As a Fineract operator
I want to store tenant passwords encrypted
in order to reduce security risk
Background and details:
Tenant passwords are stored in plain text in the database. It should be encrypted to disable accidental share/access.…
Acceptance criteria
- Tenant passwords are encrypted in the fineract_tenants schema
- Tenant passwords are encrypted with AES encryption using Java (not the DB level encryption)
- The AES mode is CBC (AES/CBC/PKCS5Padding)
- Existing tenants are migrated over to encrypted passwords seamlessly
- The master password and initialization vector (IV) for encrypting the data can be configured via environment variables
- The encryption for tenant passwords cannot be turned off
Attachments
Issue Links
- is a child of
-
FINERACT-1874 Release Apache Fineract 1.9.0
- In Progress
- links to