Improved Password Security

Pre-release
@rreganjr rreganjr released this 23 Feb 03:44
· 24 commits to master since this release

See issue #2 for details. Passwords are now secured using multiple iterations of PBKDF2WITHHMACSHA512, following recent guidelines such as those of OWASP and PKCS #5 v2.1 (RFC 8018) for protecting passwords and private keys. This makes it more difficult to brute-force passwords if the encoded value is disclosed.

There is also an upgrade process for passwords: if you have a database from before version v1.0.2, users' passwords will be re-encoded to the newer, more secure format on login or update. Future releases will use the upgrade process as better methods become available.
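The PBKDF2 encoding and the re-encode-on-login upgrade described above, as an added example (not Requel's own code). The stored-value layout, the iteration count, the salt size, the legacy format (unsalted SHA-256) and all class and method names are assumptions; the release notes do not state them.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class PasswordUpgradeDemo {
    // Assumed parameters; the release notes do not give Requel's values.
    static final int ITERATIONS = 210_000, SALT_BYTES = 16, KEY_BITS = 512;
    static final String PREFIX = "pbkdf2-sha512"; // constructed storage tag

    static byte[] pbkdf2(char[] pw, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iterations, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512").generateSecret(spec).getEncoded();
        } finally { spec.clearPassword(); }
    }
    // New format: tag$iterations$salt$hash, so parameters can be raised later.
    static String encode(char[] pw) throws Exception {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        return PREFIX + "$" + ITERATIONS + "$" + b64.encodeToString(salt) + "$"
                + b64.encodeToString(pbkdf2(pw, salt, ITERATIONS));
    }
    // Assumed legacy format: Base64 of an unsalted SHA-256 digest.
    static String legacyEncode(char[] pw) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(new String(pw).getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(d);
    }
    // Returns null for a wrong password, otherwise the value to store (re-encoded if outdated).
    static String verifyAndUpgrade(char[] pw, String stored) throws Exception {
        String[] p = stored.split("\\$");
        if (p.length == 4 && p[0].equals(PREFIX)) {
            int iters = Integer.parseInt(p[1]);
            byte[] salt = Base64.getDecoder().decode(p[2]);
            byte[] expected = Base64.getDecoder().decode(p[3]);
            if (!MessageDigest.isEqual(expected, pbkdf2(pw, salt, iters))) return null;
            return iters < ITERATIONS ? encode(pw) : stored;
        }
        byte[] legacy = legacyEncode(pw).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8), legacy) ? encode(pw) : null;
    }
    public static void main(String[] args) throws Exception {
        char[] pw = "correct horse".toCharArray(); // constructed sample password
        String upgraded = verifyAndUpgrade(pw, legacyEncode(pw)); // row from an older database
        System.out.println("re-encoded on login: " + upgraded.startsWith(PREFIX));
        System.out.println("wrong password rejected: " + (verifyAndUpgrade("nope".toCharArray(), upgraded) == null));
        System.out.println("current value left as-is: " + upgraded.equals(verifyAndUpgrade(pw, upgraded)));
    }
}
```

Re-encoding can only happen at login or password change because that is the only time the plaintext is available; rows for accounts that never log in again stay in the older format.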

To run the app, pass in the database setting parameters like this:

  • JDBC URL --spring.datasource.url=<url>
  • username --spring.datasource.username=<username>
  • password --spring.datasource.password=<password>

Optionally pass the service port like this:

  • port --server.port=<portnumber>

Example command:

java -jar Requel-1.0.2.jar --spring.datasource.url="jdbc:mysql://localhost:3306/requeldb?createDatabaseIfNotExist=true" --spring.datasource.username=root --spring.datasource.password=password --server.port=8081

Then access the app at http://localhost:8081/

Log in to the application as the admin user with the password admin.